Advertisement
AceScottie

sql_dictionarybuilder.py

Jan 7th, 2020
409
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.47 KB | None | 0 0
  1. def sql_insert(self, table="", uptype="INSERT", sqldict={}, filters={}):
  2.         self.states['Activity'] = 1
  3.         fil=""
  4.         if len(filters) > 0:
  5.             fil += "where "
  6.             for key, value in filters.items():
  7.                 fil += "%s = '%s' and " %(key, value)
  8.             fil = fil[0:-4]
  9.         if uptype == "INSERT":
  10.             cols = [None] * len(sqldict)
  11.             row = [None] * len(sqldict)
  12.             i = 0
  13.             for key, value in sqldict.items():
  14.                 cols[i] = key
  15.                 if value != "NULL" and value != None:
  16.                     row[i] = "'%s'" %self.sf.safe_var(str(value))
  17.                 else:
  18.                     row[i] = "NULL"
  19.                 i+=1
  20.             columns = ''', '''.join(cols)
  21.             data = ', '.join(row)
  22.             query = '''INSERT INTO %s ( %s ) VALUES ( %s ) %s;''' % (table, columns, data, fil)
  23.         elif uptype == "UPDATE":
  24.             updates = ""
  25.             for key, value in sqldict.items():
  26.                 if value != "NULL" and value != None:
  27.                     updates += "%s = '%s', " %(key, self.sf.safe_var(str(value)))
  28.                 else:
  29.                     updates += "%s = NULL, " %key
  30.             if updates != "":
  31.                 updates = updates[0:-2]
  32.             query = '''UPDATE %s SET %s %s;''' % (table, updates, fil)
  33.         elif uptype == "DELETE":
  34.             query = '''DELETE FROM %s %s;''' % (table, fil)
  35.         return query
  36.  
  37. class SafeVars:
  38.     def __init__(self):
  39.         self.strtype = type("test")
  40.         self.inttype = type(0)
  41.         self.datetype = type(datetime.now())
  42.     def safe_var(self, userinput):
  43.         if type(userinput) == self.strtype:
  44.             output = self.safe_string(userinput)
  45.         elif type(userinput) == self.inttype:
  46.             output = self.safe_int(userinput)
  47.         elif type(userinput) == self.datetype:
  48.             output = self.safe_date(userinput)
  49.         else:
  50.             output = userinput
  51.         return output
  52.     def decode_vars(self, userinput):
  53.         if type(userinput) == self.strtype:
  54.             userinput = userinput.encode().decode('unicode-escape')
  55.             #userinput = userinput.encode().decode('unicode-escape')
  56.             output = userinput.encode("latin1").decode("UTF-8")
  57.         elif type(userinput) == self.inttype:
  58.             output = self.safe_int(userinput)
  59.         elif type(userinput) == self.datetype:
  60.             output = self.safe_date(userinput)
  61.         else:
  62.             output = userinput
  63.         return output
  64.     def safe_string(self, userinput):
  65.         output = str(userinput)
  66.         output = output.encode('UTF-8')
  67.         output =  str(output).replace("\\\\", "")[2:-1].replace("\\x", "\\\\x")
  68.         output = output.replace("\\'", "'")
  69.         output = output.replace('"', '\\\\\\"')
  70.         output = output.replace("'", "\\\\\\'")
  71.         return output
  72.     def safe_int(self, userinput):
  73.         output = userinput
  74.  
  75.         return output
  76.     def safe_date(self, userinput):
  77.         return userinput
  78.         pass
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement