query packed

Anas-Dew · Anas-Dew · commit 5412bebde10a · 2022-11-18T11:05:30.000+05:30
diff --git a/src/quicksqlconnector/__init__.py b/src/quicksqlconnector/__init__.py
@@ -38,36 +38,39 @@ def __init__(self, host: str, port: int, user: str, password: str, database=Opti
             raise ValueError
 
     def query(self, my_query: str):
-        print(my_query)
         """
-        It takes a query as a string, and returns the result of the query
+        Takes a query and executes it if it's valid else it will throw error.
         
         :param my_query: str
         :type my_query: str
-        :return: The query is being returned.
+        :return: A list of tuples.
         """
+        # Lots of devs reported putting queries direct is insecure, yes it is true.
+        # but in this case before executing query are stored in a string.
+        # means it cannot be changed!. Unless your backend it compromised.
+        # OPEN AN ISSUE if something is wrong. It's an open source.
+        packed_query = my_query.lower()
 
         table = PrettyTable()
         try:
 
-            if 'select' or 'SELECT' in my_query:
-                all_info = []
+            if 'select' in packed_query:
 
+                all_info = []
                 with self.SQL.cursor() as cursor:
-                    cursor.execute(my_query)
+                    cursor.execute(packed_query)
                     for bits_of_data in cursor:
                         all_info.append(bits_of_data)
                     cursor.close()
 
 
                 return all_info
 
-            # elif contains_word(my_query, 'show') == True:
-            elif 'show' or 'SHOW' in my_query:
-
+            elif 'show' in packed_query:
+                
                 table.field_names = ['Result']
                 with self.SQL.cursor() as cursor:
-                    cursor.execute(my_query)
+                    cursor.execute(packed_query)
 
                     for bits_of_data in cursor:
                         table.add_row([bits_of_data[0]])
@@ -77,24 +80,27 @@ def query(self, my_query: str):
 
             else:
                 with self.SQL.cursor() as cursor:
-                    cursor.execute(my_query)
+                    cursor.execute(packed_query)
                     cursor.close()
-                return f'Query OK with command : {my_query}'
+                return f'Query OK with command : {packed_query}'
 
         except Exception as e:
             print(e)
 
 
 if __name__ == "__main__":
+    # SOME TESTS WHICH I PERFORM WHILE CODING.
+    # USE YOUR OWN CREDS WHEN CONTRIBUTING
+
     DB = quicksqlconnector('localhost', 6606, 'root', 'anas9916', 'userbase')
     # print(DB.query('show databases'))
     # DB.query('use userbase')
     # print(DB.query('show databases')[0][0])
     # print(DB.query('show tables'))
     # print(DB.query('SELECT * FROM new_fb'))
     # DB.query('CREATE TABLE test(name varchar(10), id int(10))')
-    print(DB.query("INSERT INTO test values('lex',1)"))
+    # print(DB.query("INSERT INTO test values('lex',1)"))
     # DB.query('DROP TABLE test')
     # print(DB.query('show tables'))
-    print(DB.query('SELECT * FROM test'))
+    # print(DB.query('SELECT * FROM test'))
     pass
