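# Title: NO NO NO
# Author: waterapple
# Pastebin link: http://pastebin.com/GyzRk2kd
# First Edit: Sunday 15th of March 2015 01:56:45 PM CDT
# Last Edit: Sunday 15th of March 2015 01:56:45 PM CDT
# https://dev.mysql.com/doc/connector-python/en/connector-python-example-cursor-select.html


def lookup_field(connection, table, field, value):
    """Return a list of all rows in ``table`` where ``field`` equals ``value``.

    If no rows match, return None.

    ``value`` is handed to the driver as a bound parameter, so it is never
    spliced into the SQL text. Identifiers cannot be bound as parameters:
    ``table`` is backtick-quoted with embedded backticks doubled, and
    ``field`` must be a plain, optionally dot-qualified, identifier.
    Still ONLY set table and field through code; NEVER take them from
    outside data.

    Raises:
        ValueError: if ``table`` is empty or contains a NUL character, or
            if ``field`` is not a plain identifier.
    """
    import re  # function-scope import keeps this block self-contained

    logging.debug("checking media for field: %r and value: %r", field, value)

    # Placeholders only stand in for values, never for table or column names,
    # so the identifiers are validated and quoted here instead.
    if not table or "\x00" in table:
        raise ValueError("invalid table name: " + repr(table))
    if not re.fullmatch(r"[0-9A-Za-z_$]+(?:\.[0-9A-Za-z_$]+)*", field):
        raise ValueError("invalid field name: " + repr(field))
    quoted_table = "`" + table.replace("`", "``") + "`"
    quoted_field = ".".join("`" + part + "`" for part in field.split("."))

    # Assumes a driver that uses %s placeholders, such as the MySQL
    # Connector/Python the linked example documents.
    check_query = (
        "SELECT * FROM " + quoted_table + " WHERE " + quoted_field + " = %s;"
    )
    logging.debug(check_query)

    cursor = connection.cursor()  # Grab a cursor
    try:
        cursor.execute(check_query, (value,))
        rows = list(cursor)  # Store rows found in a list
    finally:
        # Release the cursor even when execute() or iteration raises.
        cursor.close()

    # Return rows if any are found
    return rows or None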