https://github.com/princessmiku/mariadb-sqlbuilder
MariaDB SQL Builder is a simple way to use Maria SQL. Use your own SQL or use the integrated SQL Builder tool.
- Host: GitHub
- URL: https://github.com/princessmiku/mariadb-sqlbuilder
- Owner: princessmiku
- License: lgpl-2.1
- Created: 2022-04-22T16:58:39.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2024-05-17T08:49:48.000Z (almost 2 years ago)
- Last Synced: 2025-09-25T00:58:22.070Z (6 months ago)
- Topics: python, sql
- Language: Python
- Homepage:
- Size: 229 KB
- Stars: 6
- Watchers: 2
- Forks: 1
- Open Issues: 11
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# MariaDB SQL Builder
-----
## Security fix 1.1
If you are interested, the content is below
### MariaDB license
This library uses MariaDB Connector/Python, which is released under the terms of the GPLv2 license. For more
information, please see the [license file in the repository](https://github.com/mariadb-corporation/mariadb-connector-python/blob/1.1/LICENSE).
# [Install](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Installation)
Install the package with pip
``pip install mariadb-sqlbuilder``
Install with pip directly from GitHub
``pip install git+https://github.com/princessmiku/MariaDB-SQLBuilder``
# [Setup](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Setup)
```python
import mariadb_sqlbuilder

connection = mariadb_sqlbuilder.Connector(
    host="HostIP/URL",
    user="User",
    password="Password",
    database="DatabaseToConnect"
)
```
# Example Functions
### Select
```python
result = connection.table("myTable").select("name, age, email").where("age", 25).fetchall()
```
### Insert
```python
connection.table("myTable").insert().set("id", 10).set("age", 25).set("Name", "Helgo").execute()
```
# [Wiki](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki)
For all details and usage instructions
## Functions
- **[Select](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Builder---Select)**
- **[Insert](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Builder---Insert)**
- **[Update](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Builder---Update)**
- **[Upsert](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Builder---Upsert)**
- **[Delete](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Builder---Delete)**
- **[CustomSQL](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Custom-SQL)**
## Content of the fix
I have found a security problem. Variables should be given directly
to the cursor instead of being written into the SQL. This prevents SQL injection.
Because of this change to how SQL injection is avoided, the function `get_sql()` now returns `?`
at the points where variables were before.
To get the variables back, there is now `values_for_execute`, which contains the variables in the correct order.
The variables are returned in the type in which they are stored:
string as string, integer as integer, datetime as datetime, and so on.
**Example**
- ``conn.table().update().values_for_execute``
- ``conn.table().select().values_for_execute``
The variables are used in the statements where I suspect the possibility of SQL injection.
- Setting variables
- Where to query (conditions)
Setting keys or table names, for example, is normally not something a user should do,
so they are written to SQL as normal.
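
The split described above, as an added example that is not code from this project: a minimal builder that returns SQL with `?` placeholders plus an ordered value list, next to the concatenated form it replaces. `build_select`, `ident` and `demo` are hypothetical names, and the standard-library `sqlite3` module stands in for a MariaDB connection so the block runs offline (both accept `?` placeholders). Because identifiers are still written into the SQL text, the example checks them against a strict pattern instead of binding them.

```python
import re
import sqlite3

# Hypothetical helper, not mariadb-sqlbuilder's API: identifiers cannot be bound
# as parameters, so they are checked against a strict pattern instead.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def ident(name):
    if not _IDENT.fullmatch(name):
        raise ValueError(f"unsafe identifier: {name!r}")
    return name

def build_select(table, columns, where):
    """Return (sql, values): values stay out of the SQL text, in placeholder order."""
    cols = ", ".join(ident(c) for c in columns)
    sql = f"SELECT {cols} FROM {ident(table)}"
    values = []
    if where:
        sql += " WHERE " + " AND ".join(f"{ident(k)} = ?" for k in where)
        values = list(where.values())
    return sql, values

def demo():
    db = sqlite3.connect(":memory:")  # stand-in for a MariaDB connection
    db.execute("CREATE TABLE myTable (name TEXT, age INTEGER)")
    db.executemany("INSERT INTO myTable VALUES (?, ?)",
                   [("Helgo", 25), ("Other", 40)])
    hostile = "Helgo' OR '1'='1"  # constructed sample input
    # Before the fix: the value is written into the SQL text, so its quote
    # characters change the query and every row matches.
    concatenated = db.execute(
        f"SELECT name FROM myTable WHERE name = '{hostile}'").fetchall()
    # After the fix: the SQL carries "?", the value goes to the cursor separately
    # and is compared as plain data, so nothing matches.
    sql, values = build_select("myTable", ["name"], {"name": hostile})
    bound = db.execute(sql, values).fetchall()
    # Values keep their Python types (str stays str, int stays int).
    typed = build_select("myTable", ["name"], {"name": "Helgo", "age": 25})
    return sql, concatenated, bound, typed

if __name__ == "__main__":
    print(demo())
```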
I learned a lot while working on other projects.
This has given me some knowledge about security.
So I thought it was right to apply this to old projects as well.
----------------------------------------------------------------
Not completely used but
Translated with www.DeepL.com/Translator (free version)