Releases: princessmiku/MariaDB-SQLBuilder
Fix
Security Fix
I have found a security problem. Variables should be given directly
to the cursor instead of writing them to the SQL. This prevents SQL injections.
As part of the change to avoid SQL injection, the function “get_sql()” now returns “?”
at the points where variables were before.
To get the variables back, there is now “values_for_execute”, which contains the variables in the correct order.
The variables are returned in the type in which they are stored.
String as string, integer as integer, datetime as datetime...
Example
conn.table().update().values_for_execute
conn.table().select().values_for_execute
The variables are used in the statements where I suspect the possibility of SQL injection.
- Setting variables
- Where to query (conditions)
Setting keys or table names, for example, is normally not something a user should do,
so they are written to SQL as normal.
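The difference between writing a value into the SQL text and handing it to the cursor, shown as an added example that is not code from MariaDB-SQLBuilder. It assumes Python's built-in sqlite3 as a stand-in driver (it accepts the same “?” placeholders), and `build_select`, `ALLOWED_COLUMNS` and the `users` table are hypothetical names with constructed data. Because identifiers cannot be bound as values, the example checks the column name against an allow-list.

```python
import sqlite3

# Hypothetical allow-list: identifiers are written into the SQL text,
# so they must be validated instead of bound.
ALLOWED_COLUMNS = {"id", "name", "role"}

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn

def select_inline(conn, name):
    """Pre-fix pattern: the value becomes part of the SQL text."""
    sql = f"SELECT id, name FROM users WHERE name = '{name}' ORDER BY id"
    return conn.execute(sql).fetchall()

def build_select(column, value):
    """Post-fix pattern: SQL with "?" plus the values in order."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"unknown column: {column!r}")
    sql = f"SELECT id, name FROM users WHERE {column} = ? ORDER BY id"
    return sql, [value]

def select_bound(conn, column, value):
    """Pass the values to the cursor separately from the SQL text."""
    sql, values_for_execute = build_select(column, value)
    return conn.execute(sql, values_for_execute).fetchall()

def demo():
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    return {
        "inline": select_inline(conn, hostile),        # condition rewritten
        "bound": select_bound(conn, "name", hostile),  # compared as data
        "normal": select_bound(conn, "name", "bob"),
        "typed": build_select("id", 2)[1],             # integer stays integer
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```
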
I learned a lot while working on other projects.
This has given me some knowledge about security.
So I thought it was right to apply this to old projects as well.
What's Changed
- Pylint fixes by @princessmiku in #58
- Security fix by @princessmiku in #59
Full Changelog: v.1.0.0...v.1.1.0
v.1.0.0 Release
MariaDB-SQLBuilder is now in 1.0.0
What is new in 1.0.0?
- Checking that table names and column names are spelled correctly
- Checking that inserted data is of the correct type
- Add arithmetic functions
- Convert more types into the correct string / integer for saving
- Saving conditions for repeated use
- Pylint checking of most of the code
- Dummy Connector, if you don't want to use it with a connection
- Sub selects
- Rename Connect to Connector
What's Changed
- Merge pull request #15 from princessmiku/development-0.5.1 by @princessmiku in #16
- Development 1.0.0 by @princessmiku in #18
- Development 1.0.0 by @princessmiku in #19
- Development 1.0.0 by @princessmiku in #20
- Add testing workflow by @oloc in #22
- Fix c0103 invalid name by @oloc in #23
- Fix C0321 multiple statements by @oloc in #24
- Fix W0611 unused imports by @oloc in #25
- Connector improvement by @oloc in #26
- add a error function for the dummy connection by @princessmiku in #27
- C0116 missing function or method docstring by @princessmiku in #28
- add C0301 Line too long fix by @princessmiku in #29
- Update testing.yml by @princessmiku in #30
- Pylint fixes by @princessmiku in #31
- Arithmetic operators by @princessmiku in #51
- Exsistens and type checker by @princessmiku in #53
- Implements dummy + fixes by @princessmiku in #54
- Subqueries by @princessmiku in #57
New Contributors
Full Changelog: v.0.5.1...v.1.0.0
Validator Update
With an active database connection, the library now checks by default whether an entry is possible.
This includes
- Table names
- Column names
- Data types
The advantage of this is that in case of a possible error a request is not sent to the database and you get a more detailed error description.
If you don't want to use this possibility, you can disable it in the connection with use_validator=False.
Example
con = Connector(
    host="localhost",
    ...
    use_validator=False
)
Also, bugs have been fixed and multiple types are now supported (timedelta, decimal and boolean).
What's Changed
- Exsistens and type checker by @princessmiku in #53
- Implements dummy + fixes by @princessmiku in #54
Full Changelog: v.1.0.0a5...v.1.0.0a6
Arithmetic support
All information about usage can be found in wiki/helpful/arithmetic.md. The selectbuilder was also updated as part of this change.
What's Changed
- Arithmetic operators by @princessmiku in #51
Full Changelog: v.1.0.0a4...v.1.0.0a5
Pylint and Connect to Connector renaming
For this release a big thanks to @oloc
Oloc brought the idea to change the Connect class to Connector, which makes sense.
Anyone who wants to know more about this can read about it in pull request #26.
Also the lib has adapted to the pylint standards for the most part. I was encouraged by Oloc when they suggested a workflow and some changes.
That was very nice, so I tried to incorporate all complaints from pylint as soon as possible.
Seeing the library being used makes me happy. Although I see it in the download numbers, the fact that someone has also actively worked on it makes me very happy.
What's Changed
- Add testing workflow by @oloc in #22
- Fix c0103 invalid name by @oloc in #23
- Fix C0321 multiple statements by @oloc in #24
- Fix W0611 unused imports by @oloc in #25
- Connector improvement by @oloc in #26
- add a error function for the dummy connection by @princessmiku in #27
- C0116 missing function or method docstring by @princessmiku in #28
- add C0301 Line too long fix by @princessmiku in #29
- Update testing.yml by @princessmiku in #30
- Pylint fixes by @princessmiku in #31
New Contributors
Full Changelog: v.1.0.0a3...v.1.0.0a4
Alpha 3 for 1.0.0
Implements a Connection Dummy for people who only want to use the SQL builder tool
Implements a Conditions Saver
Check out the wiki in this repo for more information about the new functions
https://github.com/princessmiku/MariaDB-SQLBuilder/tree/master/wiki
What's Changed
- Development 1.0.0 by @princessmiku in #20
Full Changelog: v.1.0.0a2...v.1.0.0a3
Alpha Release of 1.0.0
Change many variable names to the PEP 8 standard, add functions and remove sqlparse as a pip requirement
What's Changed
- Merge pull request #15 from princessmiku/development-0.5.1 by @princessmiku in #16
- Development 1.0.0 by @princessmiku in #18
- Development 1.0.0 by @princessmiku in #19
Full Changelog: v.0.5.1...v.1.0.0a2
Release v.0.5.1
Release v.0.5.0
Add JSON support.
It is now possible to get and set data in JSON format.
Added in Select, Update, Insert and Upsert.
Add "Join" in insert and upsert
It is now possible to insert data into more than one table with one insert/upsert
And bugfixes