Running a Python that calls a SQL in BASH W10

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












Trying to run this Python file python pid_info.py 12345 which looks like 



#!/usr/bin/env python
import subprocess
import sys, getopt

# add if -b or -e then look for username/email like etc... 
# figure out how to store the db creds in separate file 
class color:
 PURPLE = '33[95m'
 CYAN = '33[96m'
 DARKCYAN = '33[36m'
 BLUE = '33[94m'
 GREEN = '33[92m'
 YELLOW = '33[93m'
 RED = '33[91m'
 BOLD = '33[1m'
 UNDERLINE = '33[4m'
 FLASH = '33[0.5m'
 END = '33[0m'

# DB info:
host = 
db=
user=
password=
# take the argument provided by user
UN=str(sys.argv[1]) 
# SQL query to return user info + role
f_statement1 = """ set nocount on; set ansi_warnings off; 
SELECT 
pl.placement_id PID, pl.placement_name, p.partner_name Publisher, pc.description Platform_client, pit.description +'/'+ dt.description Integration_Device
FROM placement pl 
JOIN partner p ON pl.partner_id = p.partner_id 
JOIN platform_client pc ON p.platform_client_id = pc.platform_client_id
JOIN placement_integration_type_assoc pita ON pl.placement_id = pita.placement_id 
JOIN placement_integration_type pit ON pita.placement_integration_type_id = pit.placement_integration_type_id
JOIN device_type dt ON pl.device_type_id = dt.device_type_id 
WHERE pit.active=1
AND pita.active=1 AND pl.placement_id = """ + str(UN)

f_statement2 = """ set nocount on; set ansi_warnings off; 
SELECT 
pl.max_ad_duration Seconds, c.abbreviation Country,
CASE WHEN passback_allowed=0 THEN 'GUARANTEED' ELSE 'PASSBACK' END AS Buy_Type, 
CASE WHEN pl.skippable=0 THEN 'Non-Skippable' ELSE 'Skippable' END AS Skippable,
CASE WHEN pl.active=1 THEN 'ACTIVE' ELSE 'NOT_ACTIVE' END AS Status
FROM placement pl 
JOIN country c ON pl.country_id = c.country_id
WHERE pl.placement_id =""" + str(UN)

f_statement3 = """ set nocount on; set ansi_warnings off;
SELECT url_expression FROM AN_MAIN..placement_domain_whitelist
WHERE active=1 and placement_id =""" + str(UN)

# run the first query
print('n')
print(color.UNDERLINE + color.BOLD + "Results for PID " + str(UN) + ":" + color.END)
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement1, "-Y","30", "-s", "|" ])
print('n')
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement2, "-Y","30", "-s", "|" ])
print('n')
print(color.UNDERLINE + color.BOLD + "Whitelist for PID " + str(UN) + ":" + color.END)
print('n')
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement3, "-Y","30", "-s", "|" ])
print('n')

input ()


And when I do I get the error



Results for PID 12345:
Traceback (most recent call last):
 File "pid_info.py", line 57, in <module>
 results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement1, "-Y","30", "-s", "|" ])
 File "/usr/lib/python2.7/subprocess.py", line 523, in call
 return Popen(*popenargs, **kwargs).wait()
 File "/usr/lib/python2.7/subprocess.py", line 711, in __init__
 errread, errwrite)
 File "/usr/lib/python2.7/subprocess.py", line 1343, in _execute_child
 raise child_exception
OSError: [Errno 2] No such file or directory


What change do I need to make here?




linux bash python sql




share|improve this question
















  • 1




    By all appearances, the python script doesn't know where to find the executable named sqlcmd. Perhaps you just need the full path to it, or perhaps you're missing an environment file that would set up the PATH and any other variables that are needed.
    – Jeff Schaller
    Feb 8 at 14:30










  • @jhallvid It doesn't seem that you assigned sqlcmd to anything. Just add sqlcmd = os.path.abspath('/your/path/to/file.sh')
    – dmb
    Feb 8 at 14:39










  • Just a general note: Add colours and other knobs and gobbins after you have made sure that the active code is actually doing the correct things. It makes the code hard to read.
    – Kusalananda
    Feb 8 at 14:47







  • 1




    Don't call sqlcmd. that's an sql injection attack waiting to happen. use whichever python library exists to allow direct connections and sql queries to your (unnamed) database server. python isn't sh, and while it can run external commands, you should only do that for things it can't do with a native python library (which is almost nothing)
    – cas
    Feb 8 at 16:32














up vote
0
down vote

favorite












Trying to run this Python file python pid_info.py 12345 which looks like 



#!/usr/bin/env python
import subprocess
import sys, getopt

# add if -b or -e then look for username/email like etc... 
# figure out how to store the db creds in separate file 
class color:
 PURPLE = '33[95m'
 CYAN = '33[96m'
 DARKCYAN = '33[36m'
 BLUE = '33[94m'
 GREEN = '33[92m'
 YELLOW = '33[93m'
 RED = '33[91m'
 BOLD = '33[1m'
 UNDERLINE = '33[4m'
 FLASH = '33[0.5m'
 END = '33[0m'

# DB info:
host = 
db=
user=
password=
# take the argument provided by user
UN=str(sys.argv[1]) 
# SQL query to return user info + role
f_statement1 = """ set nocount on; set ansi_warnings off; 
SELECT 
pl.placement_id PID, pl.placement_name, p.partner_name Publisher, pc.description Platform_client, pit.description +'/'+ dt.description Integration_Device
FROM placement pl 
JOIN partner p ON pl.partner_id = p.partner_id 
JOIN platform_client pc ON p.platform_client_id = pc.platform_client_id
JOIN placement_integration_type_assoc pita ON pl.placement_id = pita.placement_id 
JOIN placement_integration_type pit ON pita.placement_integration_type_id = pit.placement_integration_type_id
JOIN device_type dt ON pl.device_type_id = dt.device_type_id 
WHERE pit.active=1
AND pita.active=1 AND pl.placement_id = """ + str(UN)

f_statement2 = """ set nocount on; set ansi_warnings off; 
SELECT 
pl.max_ad_duration Seconds, c.abbreviation Country,
CASE WHEN passback_allowed=0 THEN 'GUARANTEED' ELSE 'PASSBACK' END AS Buy_Type, 
CASE WHEN pl.skippable=0 THEN 'Non-Skippable' ELSE 'Skippable' END AS Skippable,
CASE WHEN pl.active=1 THEN 'ACTIVE' ELSE 'NOT_ACTIVE' END AS Status
FROM placement pl 
JOIN country c ON pl.country_id = c.country_id
WHERE pl.placement_id =""" + str(UN)

f_statement3 = """ set nocount on; set ansi_warnings off;
SELECT url_expression FROM AN_MAIN..placement_domain_whitelist
WHERE active=1 and placement_id =""" + str(UN)

# run the first query
print('n')
print(color.UNDERLINE + color.BOLD + "Results for PID " + str(UN) + ":" + color.END)
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement1, "-Y","30", "-s", "|" ])
print('n')
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement2, "-Y","30", "-s", "|" ])
print('n')
print(color.UNDERLINE + color.BOLD + "Whitelist for PID " + str(UN) + ":" + color.END)
print('n')
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement3, "-Y","30", "-s", "|" ])
print('n')

input ()


And when I do I get the error



Results for PID 12345:
Traceback (most recent call last):
 File "pid_info.py", line 57, in <module>
 results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement1, "-Y","30", "-s", "|" ])
 File "/usr/lib/python2.7/subprocess.py", line 523, in call
 return Popen(*popenargs, **kwargs).wait()
 File "/usr/lib/python2.7/subprocess.py", line 711, in __init__
 errread, errwrite)
 File "/usr/lib/python2.7/subprocess.py", line 1343, in _execute_child
 raise child_exception
OSError: [Errno 2] No such file or directory


What change do I need to make here?




linux bash python sql




share|improve this question
















  • 1




    By all appearances, the python script doesn't know where to find the executable named sqlcmd. Perhaps you just need the full path to it, or perhaps you're missing an environment file that would set up the PATH and any other variables that are needed.
    – Jeff Schaller
    Feb 8 at 14:30










  • @jhallvid It doesn't seem that you assigned sqlcmd to anything. Just add sqlcmd = os.path.abspath('/your/path/to/file.sh')
    – dmb
    Feb 8 at 14:39










  • Just a general note: Add colours and other knobs and gobbins after you have made sure that the active code is actually doing the correct things. It makes the code hard to read.
    – Kusalananda
    Feb 8 at 14:47







  • 1




    Don't call sqlcmd. that's an sql injection attack waiting to happen. use whichever python library exists to allow direct connections and sql queries to your (unnamed) database server. python isn't sh, and while it can run external commands, you should only do that for things it can't do with a native python library (which is almost nothing)
    – cas
    Feb 8 at 16:32












up vote
0
down vote

favorite









up vote
0
down vote

favorite











Trying to run this Python file python pid_info.py 12345 which looks like 



#!/usr/bin/env python
import subprocess
import sys, getopt

# add if -b or -e then look for username/email like etc... 
# figure out how to store the db creds in separate file 
class color:
 PURPLE = '33[95m'
 CYAN = '33[96m'
 DARKCYAN = '33[36m'
 BLUE = '33[94m'
 GREEN = '33[92m'
 YELLOW = '33[93m'
 RED = '33[91m'
 BOLD = '33[1m'
 UNDERLINE = '33[4m'
 FLASH = '33[0.5m'
 END = '33[0m'

# DB info:
host = 
db=
user=
password=
# take the argument provided by user
UN=str(sys.argv[1]) 
# SQL query to return user info + role
f_statement1 = """ set nocount on; set ansi_warnings off; 
SELECT 
pl.placement_id PID, pl.placement_name, p.partner_name Publisher, pc.description Platform_client, pit.description +'/'+ dt.description Integration_Device
FROM placement pl 
JOIN partner p ON pl.partner_id = p.partner_id 
JOIN platform_client pc ON p.platform_client_id = pc.platform_client_id
JOIN placement_integration_type_assoc pita ON pl.placement_id = pita.placement_id 
JOIN placement_integration_type pit ON pita.placement_integration_type_id = pit.placement_integration_type_id
JOIN device_type dt ON pl.device_type_id = dt.device_type_id 
WHERE pit.active=1
AND pita.active=1 AND pl.placement_id = """ + str(UN)

f_statement2 = """ set nocount on; set ansi_warnings off; 
SELECT 
pl.max_ad_duration Seconds, c.abbreviation Country,
CASE WHEN passback_allowed=0 THEN 'GUARANTEED' ELSE 'PASSBACK' END AS Buy_Type, 
CASE WHEN pl.skippable=0 THEN 'Non-Skippable' ELSE 'Skippable' END AS Skippable,
CASE WHEN pl.active=1 THEN 'ACTIVE' ELSE 'NOT_ACTIVE' END AS Status
FROM placement pl 
JOIN country c ON pl.country_id = c.country_id
WHERE pl.placement_id =""" + str(UN)

f_statement3 = """ set nocount on; set ansi_warnings off;
SELECT url_expression FROM AN_MAIN..placement_domain_whitelist
WHERE active=1 and placement_id =""" + str(UN)

# run the first query
print('n')
print(color.UNDERLINE + color.BOLD + "Results for PID " + str(UN) + ":" + color.END)
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement1, "-Y","30", "-s", "|" ])
print('n')
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement2, "-Y","30", "-s", "|" ])
print('n')
print(color.UNDERLINE + color.BOLD + "Whitelist for PID " + str(UN) + ":" + color.END)
print('n')
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement3, "-Y","30", "-s", "|" ])
print('n')

input ()


And when I do I get the error



Results for PID 12345:
Traceback (most recent call last):
 File "pid_info.py", line 57, in <module>
 results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement1, "-Y","30", "-s", "|" ])
 File "/usr/lib/python2.7/subprocess.py", line 523, in call
 return Popen(*popenargs, **kwargs).wait()
 File "/usr/lib/python2.7/subprocess.py", line 711, in __init__
 errread, errwrite)
 File "/usr/lib/python2.7/subprocess.py", line 1343, in _execute_child
 raise child_exception
OSError: [Errno 2] No such file or directory


What change do I need to make here?




linux bash python sql




share|improve this question












Trying to run this Python file python pid_info.py 12345 which looks like 



#!/usr/bin/env python
import subprocess
import sys, getopt

# add if -b or -e then look for username/email like etc... 
# figure out how to store the db creds in separate file 
class color:
 PURPLE = '33[95m'
 CYAN = '33[96m'
 DARKCYAN = '33[36m'
 BLUE = '33[94m'
 GREEN = '33[92m'
 YELLOW = '33[93m'
 RED = '33[91m'
 BOLD = '33[1m'
 UNDERLINE = '33[4m'
 FLASH = '33[0.5m'
 END = '33[0m'

# DB info:
host = 
db=
user=
password=
# take the argument provided by user
UN=str(sys.argv[1]) 
# SQL query to return user info + role
f_statement1 = """ set nocount on; set ansi_warnings off; 
SELECT 
pl.placement_id PID, pl.placement_name, p.partner_name Publisher, pc.description Platform_client, pit.description +'/'+ dt.description Integration_Device
FROM placement pl 
JOIN partner p ON pl.partner_id = p.partner_id 
JOIN platform_client pc ON p.platform_client_id = pc.platform_client_id
JOIN placement_integration_type_assoc pita ON pl.placement_id = pita.placement_id 
JOIN placement_integration_type pit ON pita.placement_integration_type_id = pit.placement_integration_type_id
JOIN device_type dt ON pl.device_type_id = dt.device_type_id 
WHERE pit.active=1
AND pita.active=1 AND pl.placement_id = """ + str(UN)

f_statement2 = """ set nocount on; set ansi_warnings off; 
SELECT 
pl.max_ad_duration Seconds, c.abbreviation Country,
CASE WHEN passback_allowed=0 THEN 'GUARANTEED' ELSE 'PASSBACK' END AS Buy_Type, 
CASE WHEN pl.skippable=0 THEN 'Non-Skippable' ELSE 'Skippable' END AS Skippable,
CASE WHEN pl.active=1 THEN 'ACTIVE' ELSE 'NOT_ACTIVE' END AS Status
FROM placement pl 
JOIN country c ON pl.country_id = c.country_id
WHERE pl.placement_id =""" + str(UN)

f_statement3 = """ set nocount on; set ansi_warnings off;
SELECT url_expression FROM AN_MAIN..placement_domain_whitelist
WHERE active=1 and placement_id =""" + str(UN)

# run the first query
print('n')
print(color.UNDERLINE + color.BOLD + "Results for PID " + str(UN) + ":" + color.END)
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement1, "-Y","30", "-s", "|" ])
print('n')
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement2, "-Y","30", "-s", "|" ])
print('n')
print(color.UNDERLINE + color.BOLD + "Whitelist for PID " + str(UN) + ":" + color.END)
print('n')
results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement3, "-Y","30", "-s", "|" ])
print('n')

input ()


And when I do I get the error



Results for PID 12345:
Traceback (most recent call last):
 File "pid_info.py", line 57, in <module>
 results1=subprocess.call(["sqlcmd", "-S", host, "-U",user, "-P",password, "-d",db, "-Q", f_statement1, "-Y","30", "-s", "|" ])
 File "/usr/lib/python2.7/subprocess.py", line 523, in call
 return Popen(*popenargs, **kwargs).wait()
 File "/usr/lib/python2.7/subprocess.py", line 711, in __init__
 errread, errwrite)
 File "/usr/lib/python2.7/subprocess.py", line 1343, in _execute_child
 raise child_exception
OSError: [Errno 2] No such file or directory


What change do I need to make here?





linux bash python sql





share|improve this question











share|improve this question




share|improve this question










asked Feb 8 at 14:24









jhallvid

1




1







  • 1




    By all appearances, the python script doesn't know where to find the executable named sqlcmd. Perhaps you just need the full path to it, or perhaps you're missing an environment file that would set up the PATH and any other variables that are needed.
    – Jeff Schaller
    Feb 8 at 14:30










  • @jhallvid It doesn't seem that you assigned sqlcmd to anything. Just add sqlcmd = os.path.abspath('/your/path/to/file.sh')
    – dmb
    Feb 8 at 14:39










  • Just a general note: Add colours and other knobs and gobbins after you have made sure that the active code is actually doing the correct things. It makes the code hard to read.
    – Kusalananda
    Feb 8 at 14:47







  • 1




    Don't call sqlcmd. that's an sql injection attack waiting to happen. use whichever python library exists to allow direct connections and sql queries to your (unnamed) database server. python isn't sh, and while it can run external commands, you should only do that for things it can't do with a native python library (which is almost nothing)
    – cas
    Feb 8 at 16:32












  • 1




    By all appearances, the python script doesn't know where to find the executable named sqlcmd. Perhaps you just need the full path to it, or perhaps you're missing an environment file that would set up the PATH and any other variables that are needed.
    – Jeff Schaller
    Feb 8 at 14:30










  • @jhallvid It doesn't seem that you assigned sqlcmd to anything. Just add sqlcmd = os.path.abspath('/your/path/to/file.sh')
    – dmb
    Feb 8 at 14:39










  • Just a general note: Add colours and other knobs and gobbins after you have made sure that the active code is actually doing the correct things. It makes the code hard to read.
    – Kusalananda
    Feb 8 at 14:47







  • 1




    Don't call sqlcmd. that's an sql injection attack waiting to happen. use whichever python library exists to allow direct connections and sql queries to your (unnamed) database server. python isn't sh, and while it can run external commands, you should only do that for things it can't do with a native python library (which is almost nothing)
    – cas
    Feb 8 at 16:32







1




1




By all appearances, the python script doesn't know where to find the executable named sqlcmd. Perhaps you just need the full path to it, or perhaps you're missing an environment file that would set up the PATH and any other variables that are needed.
– Jeff Schaller
Feb 8 at 14:30




By all appearances, the python script doesn't know where to find the executable named sqlcmd. Perhaps you just need the full path to it, or perhaps you're missing an environment file that would set up the PATH and any other variables that are needed.
– Jeff Schaller
Feb 8 at 14:30












@jhallvid It doesn't seem that you assigned sqlcmd to anything. Just add sqlcmd = os.path.abspath('/your/path/to/file.sh')
– dmb
Feb 8 at 14:39




@jhallvid It doesn't seem that you assigned sqlcmd to anything. Just add sqlcmd = os.path.abspath('/your/path/to/file.sh')
– dmb
Feb 8 at 14:39












Just a general note: Add colours and other knobs and gobbins after you have made sure that the active code is actually doing the correct things. It makes the code hard to read.
– Kusalananda
Feb 8 at 14:47





Just a general note: Add colours and other knobs and gobbins after you have made sure that the active code is actually doing the correct things. It makes the code hard to read.
– Kusalananda
Feb 8 at 14:47





1




1




Don't call sqlcmd. that's an sql injection attack waiting to happen. use whichever python library exists to allow direct connections and sql queries to your (unnamed) database server. python isn't sh, and while it can run external commands, you should only do that for things it can't do with a native python library (which is almost nothing)
– cas
Feb 8 at 16:32




Don't call sqlcmd. that's an sql injection attack waiting to happen. use whichever python library exists to allow direct connections and sql queries to your (unnamed) database server. python isn't sh, and while it can run external commands, you should only do that for things it can't do with a native python library (which is almost nothing)
– cas
Feb 8 at 16:32










1 Answer
1






active

oldest

votes

















up vote
4
down vote













The Python script runs in an environment where the sqlcmd is not found in any of the directories that are listed in the PATH environment variable.



Make sure that PATH includes the directory where sqlcmd lives before invoking your script, or use sqlcmd with its full path.



I'm sure there are proper SQL libraries for Python that allows you to create database connections within the Python code without shelling out to some external binary. This would also allow you to do prepared statements which are less susceptible to SQL injection attacks



You never sanitize the UN variable, which means that one could call the script with "12345; DROP DATABASE 'mydatabase';"






share|improve this answer






















  • Is there something I can put in my .bashrc to allow it to run every time? I have replaced the sqlcmd with the path /opt/mssql-tools/bin/sqlcmd but it spits out the help options as if I had put /opt/mssql-tools/bin/sqlcmd -? usage: sqlcmd [-U login id] [-P password] [-S server or Dsn if -D is provided] [-H hostname]
    – jhallvid
    Feb 9 at 11:21











  • @jhallvid This just means that sqlcmd does not understand some of the options that you are giving it from the Python code. I'm unfamiliar with sqlcmd so I can't comment further on how you should or should not use this utility. Instead refer to the documentation for sqlcmd.
    – Kusalananda
    Feb 9 at 11:24










  • @jhallvid Also, if you are at all able to, consider rewriting this script to use proper SQL connectors without shelling out to sqlcmd (as I and user cas suggested), and do something about that SQL injection vulnerability.
    – Kusalananda
    Feb 9 at 11:27











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f422821%2frunning-a-python-that-calls-a-sql-in-bash-w10%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
4
down vote













The Python script runs in an environment where the sqlcmd is not found in any of the directories that are listed in the PATH environment variable.



Make sure that PATH includes the directory where sqlcmd lives before invoking your script, or use sqlcmd with its full path.



I'm sure there are proper SQL libraries for Python that allows you to create database connections within the Python code without shelling out to some external binary. This would also allow you to do prepared statements which are less susceptible to SQL injection attacks



You never sanitize the UN variable, which means that one could call the script with "12345; DROP DATABASE 'mydatabase';"






share|improve this answer






















  • Is there something I can put in my .bashrc to allow it to run every time? I have replaced the sqlcmd with the path /opt/mssql-tools/bin/sqlcmd but it spits out the help options as if I had put /opt/mssql-tools/bin/sqlcmd -? usage: sqlcmd [-U login id] [-P password] [-S server or Dsn if -D is provided] [-H hostname]
    – jhallvid
    Feb 9 at 11:21











  • @jhallvid This just means that sqlcmd does not understand some of the options that you are giving it from the Python code. I'm unfamiliar with sqlcmd so I can't comment further on how you should or should not use this utility. Instead refer to the documentation for sqlcmd.
    – Kusalananda
    Feb 9 at 11:24










  • @jhallvid Also, if you are at all able to, consider rewriting this script to use proper SQL connectors without shelling out to sqlcmd (as I and user cas suggested), and do something about that SQL injection vulnerability.
    – Kusalananda
    Feb 9 at 11:27















up vote
4
down vote













The Python script runs in an environment where the sqlcmd is not found in any of the directories that are listed in the PATH environment variable.



Make sure that PATH includes the directory where sqlcmd lives before invoking your script, or use sqlcmd with its full path.



I'm sure there are proper SQL libraries for Python that allows you to create database connections within the Python code without shelling out to some external binary. This would also allow you to do prepared statements which are less susceptible to SQL injection attacks



You never sanitize the UN variable, which means that one could call the script with "12345; DROP DATABASE 'mydatabase';"






share|improve this answer






















  • Is there something I can put in my .bashrc to allow it to run every time? I have replaced the sqlcmd with the path /opt/mssql-tools/bin/sqlcmd but it spits out the help options as if I had put /opt/mssql-tools/bin/sqlcmd -? usage: sqlcmd [-U login id] [-P password] [-S server or Dsn if -D is provided] [-H hostname]
    – jhallvid
    Feb 9 at 11:21











  • @jhallvid This just means that sqlcmd does not understand some of the options that you are giving it from the Python code. I'm unfamiliar with sqlcmd so I can't comment further on how you should or should not use this utility. Instead refer to the documentation for sqlcmd.
    – Kusalananda
    Feb 9 at 11:24










  • @jhallvid Also, if you are at all able to, consider rewriting this script to use proper SQL connectors without shelling out to sqlcmd (as I and user cas suggested), and do something about that SQL injection vulnerability.
    – Kusalananda
    Feb 9 at 11:27













up vote
4
down vote










up vote
4
down vote









The Python script runs in an environment where the sqlcmd is not found in any of the directories that are listed in the PATH environment variable.



Make sure that PATH includes the directory where sqlcmd lives before invoking your script, or use sqlcmd with its full path.



I'm sure there are proper SQL libraries for Python that allows you to create database connections within the Python code without shelling out to some external binary. This would also allow you to do prepared statements which are less susceptible to SQL injection attacks



You never sanitize the UN variable, which means that one could call the script with "12345; DROP DATABASE 'mydatabase';"






share|improve this answer














The Python script runs in an environment where the sqlcmd is not found in any of the directories that are listed in the PATH environment variable.



Make sure that PATH includes the directory where sqlcmd lives before invoking your script, or use sqlcmd with its full path.



I'm sure there are proper SQL libraries for Python that allows you to create database connections within the Python code without shelling out to some external binary. This would also allow you to do prepared statements which are less susceptible to SQL injection attacks



You never sanitize the UN variable, which means that one could call the script with "12345; DROP DATABASE 'mydatabase';"







share|improve this answer














share|improve this answer



share|improve this answer








edited Feb 8 at 15:22

























answered Feb 8 at 14:50









Kusalananda

103k13202318




103k13202318











  • Is there something I can put in my .bashrc to allow it to run every time? I have replaced the sqlcmd with the path /opt/mssql-tools/bin/sqlcmd but it spits out the help options as if I had put /opt/mssql-tools/bin/sqlcmd -? usage: sqlcmd [-U login id] [-P password] [-S server or Dsn if -D is provided] [-H hostname]
    – jhallvid
    Feb 9 at 11:21











  • @jhallvid This just means that sqlcmd does not understand some of the options that you are giving it from the Python code. I'm unfamiliar with sqlcmd so I can't comment further on how you should or should not use this utility. Instead refer to the documentation for sqlcmd.
    – Kusalananda
    Feb 9 at 11:24










  • @jhallvid Also, if you are at all able to, consider rewriting this script to use proper SQL connectors without shelling out to sqlcmd (as I and user cas suggested), and do something about that SQL injection vulnerability.
    – Kusalananda
    Feb 9 at 11:27

















  • Is there something I can put in my .bashrc to allow it to run every time? I have replaced the sqlcmd with the path /opt/mssql-tools/bin/sqlcmd but it spits out the help options as if I had put /opt/mssql-tools/bin/sqlcmd -? usage: sqlcmd [-U login id] [-P password] [-S server or Dsn if -D is provided] [-H hostname]
    – jhallvid
    Feb 9 at 11:21











  • @jhallvid This just means that sqlcmd does not understand some of the options that you are giving it from the Python code. I'm unfamiliar with sqlcmd so I can't comment further on how you should or should not use this utility. Instead refer to the documentation for sqlcmd.
    – Kusalananda
    Feb 9 at 11:24










  • @jhallvid Also, if you are at all able to, consider rewriting this script to use proper SQL connectors without shelling out to sqlcmd (as I and user cas suggested), and do something about that SQL injection vulnerability.
    – Kusalananda
    Feb 9 at 11:27
















Is there something I can put in my .bashrc to allow it to run every time? I have replaced the sqlcmd with the path /opt/mssql-tools/bin/sqlcmd but it spits out the help options as if I had put /opt/mssql-tools/bin/sqlcmd -? usage: sqlcmd [-U login id] [-P password] [-S server or Dsn if -D is provided] [-H hostname]
– jhallvid
Feb 9 at 11:21





Is there something I can put in my .bashrc to allow it to run every time? I have replaced the sqlcmd with the path /opt/mssql-tools/bin/sqlcmd but it spits out the help options as if I had put /opt/mssql-tools/bin/sqlcmd -? usage: sqlcmd [-U login id] [-P password] [-S server or Dsn if -D is provided] [-H hostname]
– jhallvid
Feb 9 at 11:21













@jhallvid This just means that sqlcmd does not understand some of the options that you are giving it from the Python code. I'm unfamiliar with sqlcmd so I can't comment further on how you should or should not use this utility. Instead refer to the documentation for sqlcmd.
– Kusalananda
Feb 9 at 11:24




@jhallvid This just means that sqlcmd does not understand some of the options that you are giving it from the Python code. I'm unfamiliar with sqlcmd so I can't comment further on how you should or should not use this utility. Instead refer to the documentation for sqlcmd.
– Kusalananda
Feb 9 at 11:24












@jhallvid Also, if you are at all able to, consider rewriting this script to use proper SQL connectors without shelling out to sqlcmd (as I and user cas suggested), and do something about that SQL injection vulnerability.
– Kusalananda
Feb 9 at 11:27





@jhallvid Also, if you are at all able to, consider rewriting this script to use proper SQL connectors without shelling out to sqlcmd (as I and user cas suggested), and do something about that SQL injection vulnerability.
– Kusalananda
Feb 9 at 11:27













 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f422821%2frunning-a-python-that-calls-a-sql-in-bash-w10%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

How to check contact read email or not when send email to Individual?

Image
Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
Read more

Displaying single band from multi-band raster using QGIS

Image
Clash Royale CLAN TAG #URR8PPP 1 How can I extract a single band from multi-band raster in QGIS? I have an remote sensed image which has 6 bands (including NDVI band), I want to display each band separately, but have no idea how to do. I have seen some questions similar here but none worked for me. The original image (has 6 bands) is: I want to display the band 6 which should be like this: But I tried gdal_translate, and couldn't get the correct result. What I have got is: qgis raster multi-band share | improve this question edited Mar 5 at 0:53 Summer asked Mar 4 at 6:42 Summer Summer 23 6 Is this any help gis.stackexchange.com/questions/220658/… ? if not gis.stackexchange.com/questions/62133/… might help. – Michael Stimson Mar 4 at 6:46 Thanks for answering but when I used gdal_translate, qgis showed that 'Error 4: Kayena.tif: No such file or directory". Would you know how to fix it? –
Read more

How many registers does an x86_64 CPU actually have?

Image
Clash Royale CLAN TAG #URR8PPP up vote 2 down vote favorite I am currently learning reverse engineering and am studying the flags register. I had in my mind that rflags was just another name for one of the 16 general purpose registers, for example rax or rbx . But it looks like rflags is actually an additional register. So that makes 17 registers in total... how many more could there be? I have spent at least an hour on this and found numerous different answers. The best answer so far is this, which says that there are 40 registers in total. 16 General Purpose Registers 2 Status Registers 6 Code Segment Registers 16 SSE Registers 8 FPU/MMX Registers But if I add that up, I get 48. Could anybody provide an official answer on how many registers an x86_64 CPU has (e.g. an Intel i7). Additionally, I have seen references to 'hardware' and 'architectural' registers. What are those registers and how many are there? register x86-64 share | improve this
Read more