-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdb_fxns.py
87 lines (56 loc) · 2.15 KB
/
db_fxns.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# DB
import sqlite3
conn = sqlite3.connect('data.db')
c = conn.cursor()
# Functions
def create_table():
c.execute('CREATE TABLE IF NOT EXISTS blogtable(author TEXT,title TEXT,article TEXT,postdate DATE)')
def add_data(author, title, article, postdate):
c.execute('INSERT INTO blogtable(author,title,article,postdate) VALUES (?,?,?,?)',
(author, title, article, postdate))
conn.commit()
def view_all_notes():
c.execute('SELECT * FROM blogtable')
data = c.fetchall()
return data
def view_all_titles():
c.execute('SELECT DISTINCT title FROM blogtable')
data = c.fetchall()
return data
def get_blog_by_title(title):
c.execute('SELECT * FROM blogtable WHERE title="{}"'.format(title))
data = c.fetchall()
return data
def get_blog_by_author(author):
c.execute('SELECT * FROM blogtable WHERE author="{}"'.format(author))
data = c.fetchall()
return data
def delete_data(title):
c.execute('DELETE FROM blogtable WHERE title="{}"'.format(title))
conn.commit()
def create_usertable():
c.execute('CREATE TABLE IF NOT EXISTS userstable(username TEXT,password TEXT)')
def add_userdata(username, password):
c.execute('INSERT INTO userstable(username,password) VALUES (?,?)', (username, password))
conn.commit()
def login_user(username, password):
c.execute('SELECT * FROM userstable WHERE username =? AND password = ?', (username, password))
data = c.fetchall()
return data
def login_user_safe2(username, password):
c.execute("SELECT * FROM userstable WHERE username= '%s' AND password = '%s'"), (username, password);
data = c.fetchall()
return data
# Works but not safe agains SQL injections
def login_user_unsafe(username, password):
c.execute("SELECT * FROM userstable WHERE username='{}' AND password = '{}'".format(username, password))
data = c.fetchall()
return data
def login_user_unsafe2(username, password):
c.execute(f"SELECT * FROM userstable WHERE username= '{username}' AND password= '{password}'")
data = c.fetchall()
return data
def view_all_users():
c.execute('SELECT * FROM userstable')
data = c.fetchall()
return data