Commit
·
2a68e5a
1
Parent(s):
2d31646
Created utils.py script and added error handling in main.py
- app/db.py +3 -0
- app/main.py +53 -0
- app/utils.py +12 -0
- requirements.txt +0 -0
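--- a/app/db.py
+++ b/app/db.py
@@ -1,11 +1,14 @@
 import sqlite3
 from sqlite3 import Error
+from app.utils import validate_sql
 
 class Database:
 def __init__(self, db_path='data/database.sqlite'):
 self.db_path = db_path
 
 def execute_query(self, query):
+if not validate_sql(query):
+return {"error": "Invalid SQL query. Only SELECT queries are allowed at this point."}
 try:
 conn = sqlite3.connect(self.db_path)
 cursor = conn.cursor()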
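Review bot: `execute_query` still opens the database read-write with `sqlite3.connect(self.db_path)`, so the new `validate_sql` gate is the only control between generated SQL and a write to the file. Opening the connection read-only, e.g. `conn = sqlite3.connect(f"file:{self.db_path}?mode=ro", uri=True)`, would make SQLite itself refuse writes even when a statement gets past the keyword filter. The rest of `execute_query` lies outside this hunk, so it cannot be checked here whether the query is run with `cursor.execute` (which rejects multi-statement input) or with `executescript` (which does not).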
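--- a/app/main.py
+++ b/app/main.py
@@ -0,0 +1,53 @@
+from flask import Flask, request, render_template_string
+from app.nlp import NLPToSQL
+from app.db import Database
+
+app = Flask(__name__)
+nlp = NLPToSQL()
+db = Database()
+
+HTML_TEMPLATE = """
+!DOCTYPE html>
+<html>
+<head><title> Chat Assistant </title></head>
+<body>
+<h1> Database Chat Assistant</h1>
+<form method="POST">
+<input type="text" name="query" placeholder= "Enter your query..." size="50">
+<button type="submit">Ask</button>
+</form>
+{% if response %}
+<h3> Response: </h3>
+<pre>{{ response }}</pre>
+{% endif %}
+{% if error %}
+<p style = "color:red;">{{ error }} </p>
+{% endif %}
+</body>
+</html>
+"""
+
+@app.route("/", methods=["GET", "POST"])
+def index():
+if request.method == 'POST':
+user_query = request.form['query']
+try:
+sql = nlp.query_to_sql(user_query)
+result = db.execute_query(sql)
+if 'error' in result:
+return render_template_string(HTML_TEMPLATE, error = result['error'])
+if not result['data']:
+return render_template_string(HTML_TEMPLATE, error = "No data found")
+
+response = " | ".join(result['columns']) + "\n"
+response += "-"*50 + "\n"
+for row in result['data']:
+response += " | ".join(str(cell) for cell in row) + "\n"
+return render_template_string(HTML_TEMPLATE, response = response)
+
+except Exception as e:
+return render_template_string(HTML_TEMPLATE, error = f"Error: {str(e)}")
+
+return render_template_string(HTML_TEMPLATE)
+
+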
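Review bot: The `except Exception as e` branch at the end of `index()` renders `f"Error: {str(e)}"` to the browser, which can hand internal detail such as SQLite error text, table or column names and file paths to whoever submits the form. Log the exception server-side and show a fixed message instead: `app.logger.exception("query handling failed")` followed by `return render_template_string(HTML_TEMPLATE, error="The query could not be processed.")`. The values are passed as template context rather than formatted into `HTML_TEMPLATE`, which is the right way to keep user text out of the template source. Separately, the first line of `HTML_TEMPLATE` reads `!DOCTYPE html>` without the opening `<`.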
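--- a/app/utils.py
+++ b/app/utils.py
@@ -0,0 +1,12 @@
+import re
+
+def validate_sql(sql):
+# Allowing only SELECT queries
+if not re.match(r'^SELECT\s.+',sql, re.IGNORECASE):
+return False
+# Blocking forbidden keywords
+forbidden_keywords = ['DROP', 'DELETE', 'UPDATE', 'INSERT', 'CREATE', 'ALTER', 'TRUNCATE']
+for keyword in forbidden_keywords:
+if re.search(r'\b{}\b'.format(keyword), sql, re.IGNORECASE):
+return False
+return True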
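Review bot: `validate_sql` is a keyword denylist over the raw string: it does not reject a second statement after a `;`, and `forbidden_keywords` omits other state-changing statements such as `REPLACE`, `ATTACH` and `PRAGMA`. The input appears to be SQL generated from user text (`nlp.query_to_sql` in app/main.py), so I would reject any interior semicolon, e.g. `if ';' in sql.strip().rstrip(';'): return False`, extend the list, and treat this function as defence in depth rather than the only control. A docstring stating that it returns `True` only for a string that starts with `SELECT` and contains none of the listed keywords, and that a non-string argument raises `TypeError` from `re.match`, would make the contract clear to callers.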
requirements.txt
CHANGED
|
Binary files a/requirements.txt and b/requirements.txt differ
|
|
|