I'm looking for a simple way to handle expression-like statements in Python. My project is an app which connects to an sqlite3 database; I want to make it possible so the user can specify which records they want to get. But I can't let the user directly query the database for many reasons. I want them to be able to type something like "id>14 and name=Kate" and it'd get converted to some kind of an object and this would get converted back to string which would be parsed to an SQL query. Is there a simple way to do it?
Simple enough.
Use SQLAlchemy core with your own gay ass command interpreter on top.
Or use just use any other GUI packages as front end
If you're lazy, you can just insert it directly into the query after deleting SQL keywords like "select", "union", etc. Otherwise, you'll have to parse it with a pretty thorough string manipulation algorithm
>>60623015
very simple but filled with unnecessary scaffolding and other memes
sqlalchemy and even then you still need psycopg2
just write your own. good learning experience
>>60623566
>>60623323
Maybe that SQLAlchemy thing would be a better idea than doing stuff like:def insert(connection, table, what):
qmarks=str()
for i in range(1, len(what)):
qmarks+="?, "
query="INSERT INTO {0} VALUES ({1}?);"
conn=sqlite3.connect(connection.name)
cursor=conn.cursor()
cursor.execute(query.format(table, qmarks), what)
conn.commit()
conn.close()
>>60623585
how would id > 14 work in this case?
>>60623585
Nigga do you even stored proc
>>60623613
>stored procedures on sqlite
>>60623610
the id would be translated to ROWID for example (WHERE ROWID>14), but it was just an example.
BTW is my code that bad? i want my app to be independent of the database type and it's in a separate module which just adds sqlite support to it.
>>60623585
The SQLAlchemy thing also prevents retarded stuff like accidental sql injection and stuff, but at penalty of being like 1.5 times slower
>>60623651
no but i mean how to call .get(id > 14) and get it to work?
its not bad but it really depends on how your program works?
You may want to just stay connected when the main .py is executed and then the insert function just grabs the cursor or creates a cursor does the action and returns the cursor
>>60623652
PSYCOPG2 does that actually
>>60623632
Lmao nigga use a real rdbms
>>60623729
I'm not OP you tryhard faggot
>>60623707
I'm not sure what you're asking about, it's actually my first project which has anything to do with SQL.
https://pastebin.com/8EKHBSpW
I use this code to query the database. (4chan is retarded and raises connection errors when I want to send a post containing "SELECT…") My main .py parses the string "ROWID>14" for example (the user types it in) as the "where" argument. But the way it works now allows SQL injection. That's why I need a better way to handle such expressions. I can try to write it myself but it seems difficult.
>>60623781
you need either parameterized queries which may not be supported by the basic sqlite module or you could create a simple class to represent the 'model' or a row of that table
e.g.
https://pastebin.com/USrR1YVQ