Skip to content

Instantly share code, notes, and snippets.

@imvickykumar999

imvickykumar999/sql-tutorial.ipynb

Created March 16, 2023 16:09
Show Gist options
  • Save imvickykumar999/a59ad110a3c60f0d93d4284c67fa5404 to your computer and use it in GitHub Desktop.
Save imvickykumar999/a59ad110a3c60f0d93d4284c67fa5404 to your computer and use it in GitHub Desktop.
Download ZIP
SQL Tutorial.ipynb
Display the source blob
Display the rendered blob
Raw
sql-tutorial.ipynb
{
"nbformat": 4,
"nbformat_minor": 0,
"metadata": {
"colab": {
"provenance": [],
"authorship_tag": "ABX9TyM85ZDS7DDhk+S1rT37HR/o",
"include_colab_link": true
},
"kernelspec": {
"name": "python3",
"display_name": "Python 3"
},
"language_info": {
"name": "python"
}
},
"cells": [
{
"cell_type": "markdown",
"metadata": {
"id": "view-in-github",
"colab_type": "text"
},
"source": [
"<a href=\"https://colab.research.google.com/gist/imvickykumar999/a59ad110a3c60f0d93d4284c67fa5404/sql-tutorial.ipynb\" target=\"_parent\"><img src=\"https://colab.research.google.com/assets/colab-badge.svg\" alt=\"Open In Colab\"/></a>"
]
},
{
"cell_type": "markdown",
"source": [
"# [SQL using Python](https://www.geeksforgeeks.org/sql-using-python)"
],
"metadata": {
"id": "uJ6gZ9cKLCfx"
}
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"id": "xtpN4QPzK2Tg"
},
"outputs": [],
"source": [
"# ! pip install mysql-connector-python"
]
},
{
"cell_type": "code",
"source": [
"import sqlite3"
],
"metadata": {
"id": "rdybIaySLMwN"
},
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"source": [
"sqliteConnection = sqlite3.connect('gfg.db')\n",
"sqliteConnection"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "PEtzpDBox4VV",
"outputId": "25b3751d-ef29-43f7-c421-b6ed97aa58a8"
},
"execution_count": null,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/plain": [
"<sqlite3.Connection at 0x7f6ff85626c0>"
]
},
"metadata": {},
"execution_count": 8
}
]
},
{
"cell_type": "code",
"source": [
"cursor = sqliteConnection.cursor()\n",
"cursor"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "sYr0bX-Tyk1B",
"outputId": "ec5a59e9-7ee9-4426-c688-4b8d89b90436"
},
"execution_count": null,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/plain": [
"<sqlite3.Cursor at 0x7f6ff81a7260>"
]
},
"metadata": {},
"execution_count": 9
}
]
},
{
"cell_type": "code",
"source": [
"import sqlite3\n",
" \n",
"# connecting to the database\n",
"connection = sqlite3.connect(\"gfg.db\")\n",
" \n",
"# cursor\n",
"crsr = connection.cursor()\n",
" \n",
"# print statement will execute if there\n",
"# are no errors\n",
"print(\"Connected to the database\")\n",
" \n",
"# close the connection\n",
"connection.close()"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "oSxdPslOy9PP",
"outputId": "537458a1-87b0-4483-e684-fd5af45c9bd8"
},
"execution_count": null,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"Connected to the database\n"
]
}
]
},
{
"cell_type": "code",
"source": [
"import sqlite3\n",
" \n",
"# connecting to the database\n",
"connection = sqlite3.connect(\"gfg.db\")\n",
" \n",
"# cursor\n",
"crsr = connection.cursor()\n",
" \n",
"# SQL command to create a table in the database\n",
"sql_command = \"\"\"\n",
"CREATE TABLE emp (\n",
"staff_number INTEGER PRIMARY KEY,\n",
"fname VARCHAR(20),\n",
"lname VARCHAR(30),\n",
"gender CHAR(1),\n",
"joining DATE);\n",
"\"\"\"\n",
" \n",
"# execute the statement\n",
"crsr.execute(sql_command)\n",
" \n",
"# close the connection\n",
"connection.close()"
],
"metadata": {
"id": "R2TUGvLwzrei"
},
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"source": [
"# Python code to demonstrate table creation and\n",
"# insertions with SQL\n",
" \n",
"# importing module\n",
"import sqlite3\n",
" \n",
"# connecting to the database\n",
"connection = sqlite3.connect(\"gfg.db\")\n",
" \n",
"# cursor\n",
"crsr = connection.cursor()\n",
" \n",
"# SQL command to insert the data in the table\n",
"sql_command = \"\"\"\n",
"INSERT INTO emp VALUES (23, \"Rishabh\", \"Bansal\", \"M\", \"2014-03-28\");\n",
"\"\"\"\n",
"crsr.execute(sql_command)\n",
" \n",
"# another SQL command to insert the data in the table\n",
"sql_command = \"\"\"\n",
"INSERT INTO emp VALUES (1, \"Bill\", \"Gates\", \"M\", \"1980-10-28\");\n",
"\"\"\"\n",
"crsr.execute(sql_command)\n",
" \n",
"# To save the changes in the files. Never skip this.\n",
"# If we skip this, nothing will be saved in the database.\n",
"connection.commit()\n",
" \n",
"# close the connection\n",
"connection.close()"
],
"metadata": {
"id": "aGyNlqyp1YJz"
},
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"source": [
"# importing module\n",
"import sqlite3\n",
" \n",
"# connecting to the database\n",
"connection = sqlite3.connect(\"gfg.db\")\n",
" \n",
"# cursor\n",
"crsr = connection.cursor()\n",
" \n",
"# primary key\n",
"pk = [2, 3, 4, 5, 6]\n",
" \n",
"# Enter 5 students first names\n",
"f_name = ['Nikhil', 'Nisha', 'Abhinav', 'Raju', 'Anshul']\n",
" \n",
"# Enter 5 students last names\n",
"l_name = ['Aggarwal', 'Rawat', 'Tomar', 'Kumar', 'Aggarwal']\n",
" \n",
"# Enter their gender respectively\n",
"gender = ['M', 'F', 'M', 'M', 'F']\n",
" \n",
"# Enter their joining data respectively\n",
"date = ['2019-08-24', '2020-01-01', '2018-05-14', '2015-02-02', '2018-05-14']\n",
" \n",
"for i in range(5):\n",
" # This is the q-mark style:\n",
" crsr.execute(f'INSERT INTO emp VALUES ({pk[i]}, \"{f_name[i]}\", \"{l_name[i]}\", \"{gender[i]}\", \"{date[i]}\")')\n",
" \n",
"# To save the changes in the files. Never skip this.\n",
"# If we skip this, nothing will be saved in the database.\n",
"connection.commit()\n",
" \n",
"# close the connection\n",
"connection.close()"
],
"metadata": {
"id": "Oe4e446T1x1R"
},
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"source": [
"# importing the module\n",
"import sqlite3\n",
" \n",
"# connect with the myTable database\n",
"connection = sqlite3.connect(\"gfg.db\")\n",
" \n",
"# cursor object\n",
"crsr = connection.cursor()\n",
" \n",
"# execute the command to fetch all the data from the table emp\n",
"crsr.execute(\"SELECT * FROM emp\")\n",
" \n",
"# store all the fetched data in the ans variable\n",
"ans = crsr.fetchall()\n",
" \n",
"# Since we have already selected all the data entries\n",
"# using the \"SELECT *\" SQL command and stored them in\n",
"# the ans variable, all we need to do now is to print\n",
"# out the ans variable\n",
"for i in ans:\n",
" print(i)"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "v9BVXNxD2aTv",
"outputId": "5a897489-9cb1-4ceb-f506-d6225b1d1466"
},
"execution_count": null,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"(1, 'Bill', 'Gates', 'M', '1980-10-28')\n",
"(2, 'Nikhil', 'Aggarwal', 'M', '2019-08-24')\n",
"(3, 'Nisha', 'Rawat', 'F', '2020-01-01')\n",
"(4, 'Abhinav', 'Tomar', 'M', '2018-05-14')\n",
"(5, 'Raju', 'Kumar', 'M', '2015-02-02')\n",
"(6, 'Anshul', 'Aggarwal', 'F', '2018-05-14')\n",
"(23, 'Rishabh', 'Bansal', 'M', '2014-03-28')\n"
]
}
]
},
{
"cell_type": "code",
"source": [
"type(ans[0])"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "OwWCCkSZ2wTc",
"outputId": "a38d1d28-7ae1-4850-da00-9843c4929a68"
},
"execution_count": null,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/plain": [
"tuple"
]
},
"metadata": {},
"execution_count": 17
}
]
},
{
"cell_type": "code",
"source": [
"# Import module\n",
"import sqlite3\n",
" \n",
"# Connecting to sqlite\n",
"conn = sqlite3.connect('gfg.db')\n",
" \n",
"# Creating a cursor object using\n",
"# the cursor() method\n",
"cursor = conn.cursor()\n",
" \n",
"# Updating\n",
"cursor.execute('''\n",
"UPDATE emp SET lname = \"Jyoti\" WHERE fname=\"Rishabh\";\n",
"''')\n",
" \n",
"# Commit your changes in the database\n",
"conn.commit()\n",
" \n",
"# Closing the connection\n",
"conn.close()"
],
"metadata": {
"id": "Rg1B7zJC24JR"
},
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"source": [
"crsr.execute(\"SELECT * FROM emp\")\n",
"ans = crsr.fetchall()\n",
"ans"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "1gpLYjOW3ZA-",
"outputId": "60ae7398-50ef-427d-d097-bca96ae9c932"
},
"execution_count": null,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/plain": [
"[(1, 'Bill', 'Gates', 'M', '1980-10-28'),\n",
" (2, 'Nikhil', 'Aggarwal', 'M', '2019-08-24'),\n",
" (3, 'Nisha', 'Rawat', 'F', '2020-01-01'),\n",
" (4, 'Abhinav', 'Tomar', 'M', '2018-05-14'),\n",
" (5, 'Raju', 'Kumar', 'M', '2015-02-02'),\n",
" (6, 'Anshul', 'Aggarwal', 'F', '2018-05-14'),\n",
" (23, 'Rishabh', 'Jyoti', 'M', '2014-03-28')]"
]
},
"metadata": {},
"execution_count": 22
}
]
},
{
"cell_type": "code",
"source": [
"# Import module\n",
"import sqlite3\n",
" \n",
"# Connecting to sqlite\n",
"conn = sqlite3.connect('gfg.db')\n",
" \n",
"# Creating a cursor object using\n",
"# the cursor() method\n",
"cursor = conn.cursor()\n",
" \n",
"# Updating\n",
"cursor.execute('''\n",
"DELETE FROM emp WHERE fname=\"Rishabh\";\n",
"''')\n",
" \n",
"# Commit your changes in the database\n",
"conn.commit()\n",
" \n",
"# Closing the connection\n",
"conn.close()"
],
"metadata": {
"id": "OWcjKIVc3gmS"
},
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"source": [
"crsr.execute(\"SELECT * FROM emp\")\n",
"ans = crsr.fetchall()\n",
"ans"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "3ANEgzAK3zAT",
"outputId": "b2198661-a1b3-4862-edc4-5119535261b2"
},
"execution_count": null,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/plain": [
"[(1, 'Bill', 'Gates', 'M', '1980-10-28'),\n",
" (2, 'Nikhil', 'Aggarwal', 'M', '2019-08-24'),\n",
" (3, 'Nisha', 'Rawat', 'F', '2020-01-01'),\n",
" (4, 'Abhinav', 'Tomar', 'M', '2018-05-14'),\n",
" (5, 'Raju', 'Kumar', 'M', '2015-02-02'),\n",
" (6, 'Anshul', 'Aggarwal', 'F', '2018-05-14')]"
]
},
"metadata": {},
"execution_count": 24
}
]
},
{
"cell_type": "code",
"source": [
"import sqlite3\n",
" \n",
"# connecting to the database\n",
"connection = sqlite3.connect(\"gfg.db\")\n",
" \n",
"# cursor\n",
"crsr = connection.cursor()\n",
" \n",
"# SQL command to create a table in the database\n",
"sql_command = \"\"\"\n",
"CREATE TABLE Student (\n",
"staff_number INTEGER PRIMARY KEY,\n",
"fname VARCHAR(20),\n",
"lname VARCHAR(30),\n",
"gender CHAR(1),\n",
"joining DATE);\n",
"\"\"\"\n",
" \n",
"# execute the statement\n",
"crsr.execute(sql_command)\n",
" \n",
"# close the connection\n",
"connection.close()"
],
"metadata": {
"id": "udaC846H4iui"
},
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"source": [
"# Import module\n",
"import sqlite3\n",
" \n",
"# Connecting to sqlite\n",
"conn = sqlite3.connect('gfg.db')\n",
" \n",
"# Creating a cursor object using\n",
"# the cursor() method\n",
"cursor = conn.cursor()\n",
" \n",
"# Updating\n",
"cursor.execute('''\n",
"DROP TABLE Student;\n",
"''')\n",
" \n",
"# Commit your changes in the database\n",
"conn.commit()\n",
" \n",
"# Closing the connection\n",
"conn.close()"
],
"metadata": {
"id": "muGS4ikm32Gt"
},
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"source": [
"try:\n",
" conn = sqlite3.connect('gfg.db')\n",
" crsr = conn.cursor()\n",
" crsr.execute(\"SELECT * FROM Student\")\n",
" ans = crsr.fetchall()\n",
" \n",
"except Exception as ans:\n",
" print(ans)"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "2J05x8554C06",
"outputId": "b2b54871-86c6-4d35-e6f8-d76cc0f848f0"
},
"execution_count": null,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"no such table: Student\n"
]
}
]
},
{
"cell_type": "markdown",
"source": [
"# [SQLite - Python](https://www.tutorialspoint.com/sqlite/sqlite_python.htm)"
],
"metadata": {
"id": "6x3qm2ke5DTe"
}
},
{
"cell_type": "code",
"source": [
"import sqlite3\n",
"\n",
"conn = sqlite3.connect('test.db')\n",
"\n",
"print (\"Opened database successfully\");"
],
"metadata": {
"id": "mWYTJw484pP7",
"colab": {
"base_uri": "https://localhost:8080/"
},
"outputId": "55c48c94-e846-4606-f038-4b70c4d04384"
},
"execution_count": null,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"Opened database successfully\n"
]
}
]
},
{
"cell_type": "code",
"source": [
"conn = sqlite3.connect('test.db')\n",
"\n",
"conn.execute('''\n",
"CREATE TABLE COMPANY (\n",
" ID INT PRIMARY KEY NOT NULL,\n",
" NAME TEXT NOT NULL,\n",
" AGE INT NOT NULL,\n",
" ADDRESS CHAR(50),\n",
" SALARY REAL\n",
")\n",
"''')\n",
"\n",
"conn.close()"
],
"metadata": {
"id": "8gjWDxCb5PK8"
},
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"source": [
"conn = sqlite3.connect('test.db')\n",
"\n",
"conn.execute('''\n",
"INSERT INTO COMPANY (\n",
" ID, NAME, AGE, ADDRESS, SALARY\n",
" ) VALUES (\n",
" 1, 'Paul', 32, 'California', 20000.00\n",
" )\n",
"''')\n",
"\n",
"conn.execute('''\n",
"INSERT INTO COMPANY (\n",
" ID, NAME, AGE, ADDRESS, SALARY\n",
" ) VALUES (\n",
" 2, 'Allen', 25, 'Texas', 15000.00\n",
" )\n",
"''')\n",
"\n",
"conn.execute('''\n",
"INSERT INTO COMPANY (\n",
" ID, NAME, AGE, ADDRESS, SALARY\n",
" ) VALUES (\n",
" 3, 'Teddy', 23, 'Norway', 20000.00\n",
" )\n",
"''')\n",
"\n",
"conn.execute('''\n",
"INSERT INTO COMPANY (\n",
" ID, NAME, AGE, ADDRESS, SALARY\n",
" ) VALUES (\n",
" 4, 'Mark', 25, 'Rich-Mond', 65000.00\n",
" )\n",
"''')\n",
"\n",
"conn.commit()\n",
"conn.close()"
],
"metadata": {
"id": "1eNjtmf27IVP"
},
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"source": [
"conn = sqlite3.connect('test.db')\n",
"\n",
"cursor = conn.execute('''\n",
"SELECT ID, NAME, ADDRESS, SALARY FROM COMPANY\n",
"''')\n",
"\n",
"for row in cursor:\n",
" print(row)\n",
"\n",
"conn.close()"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "jgcz_SXw-t0Y",
"outputId": "c2039427-4fee-4fb1-e841-6851733109d1"
},
"execution_count": null,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"(1, 'Paul', 'California', 20000.0)\n",
"(2, 'Allen', 'Texas', 15000.0)\n",
"(3, 'Teddy', 'Norway', 20000.0)\n",
"(4, 'Mark', 'Rich-Mond', 65000.0)\n"
]
}
]
},
{
"cell_type": "code",
"source": [
"conn = sqlite3.connect('test.db')\n",
"\n",
"NAME = input('Enter NAME : ')\n",
"ADDRESS = input('Enter ADDRESS : ')\n",
"\n",
"command = f'''\n",
"SELECT * FROM COMPANY\n",
"WHERE NAME='{NAME}' AND ADDRESS='{ADDRESS}'\n",
"'''\n",
"\n",
"print(command)\n",
"cursor = conn.execute(command)\n",
"\n",
"for row in cursor:\n",
" print(row)\n",
"\n",
"conn.close()\n",
"\n",
"# Getting only one row, without knowing `Address`."
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "SuFs7PA3AD41",
"outputId": "10359ff1-6712-490b-ce34-ccb14c74e057"
},
"execution_count": null,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"Enter NAME : Paul' --\n",
"Enter ADDRESS : 123\n",
"\n",
"SELECT * FROM COMPANY\n",
"WHERE NAME='Paul' --' AND ADDRESS='123'\n",
"\n",
"(1, 'Paul', 32, 'California', 20000.0)\n"
]
}
]
},
{
"cell_type": "markdown",
"source": [
"# Implementing SQL Injection"
],
"metadata": {
"id": "Wv0DfNnuDK4G"
}
},
{
"cell_type": "code",
"source": [
"conn = sqlite3.connect('test.db')\n",
"\n",
"NAME = input('Enter NAME : ')\n",
"ADDRESS = input('Enter ADDRESS : ')\n",
"\n",
"command = f'''\n",
"SELECT * FROM COMPANY\n",
"WHERE NAME='{NAME}' AND ADDRESS='{ADDRESS}'\n",
"'''\n",
"\n",
"print(command)\n",
"cursor = conn.execute(command)\n",
"\n",
"for row in cursor:\n",
" print(row)\n",
"\n",
"conn.close()"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "es8m5ragAPDT",
"outputId": "73a17130-9be6-4f36-b19b-56ccd552f30e"
},
"execution_count": null,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"Enter NAME : ' OR 1=1 --\n",
"Enter ADDRESS : 123\n",
"\n",
"SELECT * FROM COMPANY\n",
"WHERE NAME='' OR 1=1 --' AND ADDRESS='123'\n",
"\n",
"(1, 'Paul', 32, 'California', 20000.0)\n",
"(2, 'Allen', 25, 'Texas', 15000.0)\n",
"(3, 'Teddy', 23, 'Norway', 20000.0)\n",
"(4, 'Mark', 25, 'Rich-Mond', 65000.0)\n"
]
}
]
},
{
"cell_type": "code",
"source": [
"import sqlite3\n",
"\n",
"conn = sqlite3.connect('test.db')\n",
"\n",
"conn.execute('''\n",
"UPDATE COMPANY SET SALARY = 25000.00\n",
"WHERE ID = 1\n",
"''')\n",
"\n",
"print('Total number of rows updated : ', conn.total_changes)\n",
"\n",
"crsr = conn.execute('''\n",
"SELECT ID, NAME, ADDRESS, SALARY FROM COMPANY\n",
"''')\n",
"\n",
"conn.commit()\n",
"\n",
"for row in crsr:\n",
" print (\"ID = \", row[0])\n",
" print (\"NAME = \", row[1])\n",
" print (\"ADDRESS = \", row[2])\n",
" print (\"SALARY = \", row[3], \"\\n\")\n",
"\n",
"print (\"Operation done successfully\")\n",
"conn.close()"
],
"metadata": {
"id": "EhjlsADLCysS",
"colab": {
"base_uri": "https://localhost:8080/"
},
"outputId": "7f020d16-2b54-4e10-cdaf-631fa5f1868d"
},
"execution_count": null,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"Total number of rows updated : 1\n",
"ID = 1\n",
"NAME = Paul\n",
"ADDRESS = California\n",
"SALARY = 25000.0 \n",
"\n",
"ID = 2\n",
"NAME = Allen\n",
"ADDRESS = Texas\n",
"SALARY = 15000.0 \n",
"\n",
"ID = 3\n",
"NAME = Teddy\n",
"ADDRESS = Norway\n",
"SALARY = 20000.0 \n",
"\n",
"ID = 4\n",
"NAME = Mark\n",
"ADDRESS = Rich-Mond\n",
"SALARY = 65000.0 \n",
"\n",
"Operation done successfully\n"
]
}
]
},
{
"cell_type": "code",
"source": [
"import sqlite3\n",
"\n",
"conn = sqlite3.connect('test.db')\n",
"print (\"Opened database successfully\");\n",
"\n",
"conn.execute(\"DELETE from COMPANY where ID = 2;\")\n",
"conn.commit()\n",
"print (\"Total number of rows deleted :\", conn.total_changes)\n",
"\n",
"cursor = conn.execute(\"SELECT id, name, address, salary from COMPANY\")\n",
"for row in cursor:\n",
" print (\"ID = \", row[0])\n",
" print (\"NAME = \", row[1])\n",
" print (\"ADDRESS = \", row[2])\n",
" print (\"SALARY = \", row[3], \"\\n\")\n",
"\n",
"print (\"Operation done successfully\")\n",
"conn.close()"
],
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "9LDN0E_mr3T8",
"outputId": "131143e9-9817-4e9d-bfb0-81f0206645ae"
},
"execution_count": null,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"Opened database successfully\n",
"Total number of rows deleted : 0\n",
"ID = 1\n",
"NAME = Paul\n",
"ADDRESS = California\n",
"SALARY = 25000.0 \n",
"\n",
"ID = 3\n",
"NAME = Teddy\n",
"ADDRESS = Norway\n",
"SALARY = 20000.0 \n",
"\n",
"ID = 4\n",
"NAME = Mark\n",
"ADDRESS = Rich-Mond\n",
"SALARY = 65000.0 \n",
"\n",
"Operation done successfully\n"
]
}
]
},
{
"cell_type": "markdown",
"source": [
"# [Adding form fields](https://colab.research.google.com/notebooks/snippets/forms.ipynb#scrollTo=TyFZFP2yN3vh)"
],
"metadata": {
"id": "wcyb4K9Vucvq"
}
},
{
"cell_type": "code",
"source": [
"#@title SQL Injection Form { display-mode: \"both\" }\n",
"conn = sqlite3.connect('test.db')\n",
"\n",
"NAME = \"' OR 1=1 --\" #@param {type: \"string\"}\n",
"ADDRESS = \"any random password will work\" #@param {type: \"string\"}\n",
"\n",
"command = f'''\n",
"SELECT * FROM COMPANY\n",
"WHERE NAME='{NAME}' AND ADDRESS='{ADDRESS}'\n",
"'''\n",
"print(command)\n",
"cursor = conn.execute(command)\n",
"\n",
"for row in cursor:\n",
" print(row)\n",
"\n",
"conn.close()\n",
"#@markdown ---"
],
"metadata": {
"id": "hOIi_WLXsa3C",
"colab": {
"base_uri": "https://localhost:8080/"
},
"outputId": "df3dd574-35d9-4d46-8b6d-ab88ea75dc8b"
},
"execution_count": null,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"\n",
"SELECT * FROM COMPANY\n",
"WHERE NAME='' OR 1=1 --' AND ADDRESS='any random password will work'\n",
"\n",
"(1, 'Paul', 32, 'California', 25000.0)\n",
"(3, 'Teddy', 23, 'Norway', 20000.0)\n",
"(4, 'Mark', 25, 'Rich-Mond', 65000.0)\n"
]
}
]
},
{
"cell_type": "code",
"source": [],
"metadata": {
"id": "CAR5ykJvt7SS"
},
"execution_count": null,
"outputs": []
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment