# MariaDB SQL Builder
-----
[![License - GNU LGPL version 2.1](https://img.shields.io/badge/License-GNU_LPGL_version_2.1-green)](https://opensource.org/licenses/LGPL-2.1)
[![Python - ^3.7](https://img.shields.io/badge/Python-^3.7-blue)](https://www.python.org/)
[![Downloads](https://pepy.tech/badge/mariadb-sqlbuilder)](https://pepy.tech/project/mariadb-sqlbuilder)
## Security fix 1.1
If you are interested, the details of the fix are described below under "Content of the fix".
### MariaDB license
This library uses MariaDB Connector/Python, which is released under the terms of the GPLv2 license. For more
information, please see the [license file in the repository](https://github.com/mariadb-corporation/mariadb-connector-python/blob/1.1/LICENSE).
# [Install](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Installation)
Install the package with pip
``pip install mariadb-sqlbuilder``
Install with pip directly from GitHub
``pip install git+https://github.com/princessmiku/MariaDB-SQLBuilder``
# [Setup](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Setup)
````python
import mariadb_sqlbuilder

# Open a connection; replace the placeholder values with your own settings.
connection = mariadb_sqlbuilder.Connector(
    host="HostIP/URL",
    user="User",
    password="Password",
    database="DatabaseToConnect"
)
````
# Example Functions
### Select
```python
result = connection.table("myTable").select("name, age, email").where("age", 25).fetchall()
```
### Insert
```python
connection.table("myTable").insert().set("id", 10).set("age", 25).set("Name", "Helgo").execute()
```
# [Wiki](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki)
For all details and usage instructions
## Functions
- **[Select](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Builder---Select)**
- **[Insert](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Builder---Insert)**
- **[Update](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Builder---Update)**
- **[Upsert](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Builder---Upsert)**
- **[Delete](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Builder---Delete)**
- **[CustomSQL](https://github.com/princessmiku/MariaDB-SQLBuilder/wiki/Custom-SQL)**
## Content of the fix
I have found a security problem. Variables should be given directly
to the cursor instead of writing them to the SQL. This prevents SQL injections.
As a result of this change to how SQL injection is avoided, the function ``get_sql()`` now returns ``?``
at the positions where variables were before.
To get the variables back, there is now ``values_for_execute``, which contains the variables in the correct order.
The variables are returned with the same type in which they are stored:
string as string, integer as integer, datetime as datetime...
**Example**
- ``conn.table().update().values_for_execute``
- ``conn.table().select().values_for_execute``
The variables are used in the statements where I suspect the possibility of SQL injection.
- Setting variables
- Where clauses (query conditions)
Setting keys or table names, for example, is normally not something a user should do,
so they are still written directly into the SQL as before.
I learned a lot while working on other projects.
This has given me some knowledge about security.
So I thought it was right to apply this to old projects as well.
----------------------------------------------------------------
<br>
Not completely used but <br>
Translated with www.DeepL.com/Translator (free version)
Raw data
{
"_id": null,
"home_page": "https://github.com/princessmiku/MariaDB-SQLBuilder",
"name": "MariaDB-SQLBuilder",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7.0",
"maintainer_email": null,
"keywords": "database, mariadb, sql, builder, script builder, mariadb sql",
"author": "Miku",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/47/51/764b69a9c4074bc52a910d2cb65e259968e1b18d005f1dd93506cd3e280f/mariadb_sqlbuilder-1.1.1.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "LGPL 2.1",
"summary": "MariaDB SQL Builder is a simple way to use Maria SQL. Use your own SQL or use the integrated Maria SQL Builder tool.",
"version": "1.1.1",
"project_urls": {
"Homepage": "https://github.com/princessmiku/MariaDB-SQLBuilder"
},
"split_keywords": [
"database",
" mariadb",
" sql",
" builder",
" script builder",
" mariadb sql"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "de34fc9ab21416a7b2e190485b3e1959a96ba6add5d7fb1d81f6507dcc1893e9",
"md5": "3104774da86f05216552c3e9679b587f",
"sha256": "c19b01bc87264ef9ca749c7709852bb0f67871c56d7ffc151316231f242d95eb"
},
"downloads": -1,
"filename": "MariaDB_SQLBuilder-1.1.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "3104774da86f05216552c3e9679b587f",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7.0",
"size": 35006,
"upload_time": "2024-05-17T08:50:22",
"upload_time_iso_8601": "2024-05-17T08:50:22.351829Z",
"url": "https://files.pythonhosted.org/packages/de/34/fc9ab21416a7b2e190485b3e1959a96ba6add5d7fb1d81f6507dcc1893e9/MariaDB_SQLBuilder-1.1.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "4751764b69a9c4074bc52a910d2cb65e259968e1b18d005f1dd93506cd3e280f",
"md5": "59d0b9bb2fe5394e00ef2bcd9559bc44",
"sha256": "99cdfd0ebeaa5e0e7ddf79cad51a75b96928ee23494830f3a76c34db63271522"
},
"downloads": -1,
"filename": "mariadb_sqlbuilder-1.1.1.tar.gz",
"has_sig": false,
"md5_digest": "59d0b9bb2fe5394e00ef2bcd9559bc44",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7.0",
"size": 25596,
"upload_time": "2024-05-17T08:50:23",
"upload_time_iso_8601": "2024-05-17T08:50:23.575578Z",
"url": "https://files.pythonhosted.org/packages/47/51/764b69a9c4074bc52a910d2cb65e259968e1b18d005f1dd93506cd3e280f/mariadb_sqlbuilder-1.1.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-05-17 08:50:23",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "princessmiku",
"github_project": "MariaDB-SQLBuilder",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [],
"lcname": "mariadb-sqlbuilder"
}