#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    41
    Rep Power
    2

    Removing brackets and commas from MySQL query


    Hello all,

    I'm writing a trivial script for a university dissertation project that will allow me to nail the basics of a brute force attack program that will be run to gain access into bank accounts via DTMF telephony systems - don't worry, all testing is done on test systems and not real world, I have had to sign ethical forms to say I won't be attacking Halifax's phone banking system.

    At this moment in time, I am attempting to get the program to query a MySQL server for the first entry in the AccountNumber tuple and then return it on screen. The result returns with no problems but when I want the program to then print each individual integer of the account number, as to simulate a person entering their account number on a phone keypad, which can only be done by converting the returned MySQL query result into a string, I get brackets and commas in my output.

    Can anyone advise me on how to rid the unnecessary special characters? I have enclosed two versions of my code to show the different outputs I get.

    [code="Python code version 1"]
    import MySQLdb
    import sys

    db = MySQLdb.connect(
    host = '127.0.0.1',
    user = 'root',
    passwd = '',
    db = 'TestDB'
    )

    cursor = db.cursor()
    cursor.execute('SELECT AccountNumber FROM customers')
    result = cursor.fetchmany()

    for i in result:
    print i[0]

    raw_input("Press ENTER to terminate attack")[/code]

    [code="Version 1 output"]
    4921000000000000
    Press ENTER to terminate attack
    [/code]

    [code="Python code version 2"]
    import MySQLdb
    import sys

    db = MySQLdb.connect(
    host = '127.0.0.1',
    user = 'root',
    passwd = '',
    db = 'TestDB'
    )

    cursor = db.cursor()
    cursor.execute('SELECT AccountNumber FROM customers')
    result = cursor.fetchmany()
    resultString = str(result)

    for i in resultString:
    print i[0]

    raw_input("Press ENTER to terminate attack")[/code]

    [code="Version 2 output"]
    (
    (
    '
    4
    9
    2
    1
    0
    0
    0
    0
    0
    0
    0
    0
    0
    0
    0
    0
    '
    ,
    )
    ,
    )
    Press ENTER to terminate attack[/code]
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    43
    Rep Power
    2
    You could import the string module and use string.replace to replace or remove certain characters you don't like. If the same characters keep popping up in your experiment this might be one way.

    For example, to remove the ")" bracket from a string named 's':

    import string
    s=string.replace(s,")","")



    Another way to be 100% positive you got ONLY numbers, could be to use a try/except block. You could try to turn the character into an integer, and if it fails you know it's not a number.

    Code:
    for i in resultString:
    	try: 
    		tempInt=int(i[0])
    		print tempInt
    	except: pass
    I didn't test the above code but it should work.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    41
    Rep Power
    2
    Originally Posted by eliskan
    You could import the string module and use string.replace to replace or remove certain characters you don't like. If the same characters keep popping up in your experiment this might be one way.

    For example, to remove the ")" bracket from a string named 's':

    import string
    s=string.replace(s,")","")



    Another way to be 100% positive you got ONLY numbers, could be to use a try/except block. You could try to turn the character into an integer, and if it fails you know it's not a number.

    Code:
    for i in resultString:
    	try: 
    		tempInt=int(i[0])
    		print tempInt
    	except: pass
    I didn't test the above code but it should work.
    Thank you so much Eliskan, the tempInt method worked a treat. I didn't try the import string method as I'm not totally sure how I would insert that into my program.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2007
    Location
    Joensuu, Finland
    Posts
    436
    Rep Power
    67
    Originally Posted by Mastah^
    Can anyone advise me on how to rid the unnecessary special characters? I have enclosed two versions of my code to show the different outputs I get.

    [code="Python code version 1"]
    ...
    result = cursor.fetchmany()

    for i in result:
    print i[0][/CODE]

    Code:
    result = cursor.fetchmany()
    resultString = str(result)
    In the first version, you clearly realise that “result” is not a string but a list or tuple of lists or tuples containing, possibly, strings. In the second version, you seem to forget this and convert the list or tuple to a string. According to the output result holds the tuple (('somenumber',),) (corresponding to a somewhat easier-to-read list [['somenumber']]).

    I think you just need to do “list(result[0][0])” to get the list of characters in the string.

    Anywho, there’s no need to import string module anymore: string type has a builtin method .replace().
    My armada: openSUSE 13.1 (home desktop, home laptop), Crunchbang Linux 11 (work laptop), Trisquel GNU/Linux 6.0.1 (mini laptop), Ubuntu 14.04 LTS (server), Android 4.2.1 (tablet), Windows 7 Ultimate (testbed)
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    41
    Rep Power
    2
    Originally Posted by SuperOscar
    In the first version, you clearly realise that “result” is not a string but a list or tuple of lists or tuples containing, possibly, strings. In the second version, you seem to forget this and convert the list or tuple to a string. According to the output result holds the tuple (('somenumber',),) (corresponding to a somewhat easier-to-read list [['somenumber']]).

    I think you just need to do “list(result[0][0])” to get the list of characters in the string.

    Anywho, there’s no need to import string module anymore: string type has a builtin method .replace().
    I'm quite new to Python so I'm struggling to grasp the .replace() function in the language. Here is what I wish to do in pure Python:

    Code:
    PINguess = 1960
    
    PINtest = 1999
    
    while PINguess != PINtest:
    	print "That isn't the PIN"
    	print PINguess
    	PINguess = PINguess + 1
    else:
    	print "That is the PIN. Yippey!"
    What I wish to do however is obtain the PINtest value from the MySQL database and then run a series of PINguess until it is matched - or brute forced. The previous method of...

    [code="Previous method"]
    for i in resultStringCard:
    try:
    CardInt=int(i[0])
    print CardInt
    except: pass[/code]

    ...works fine when wanting to scroll text down, but I assume this breaks the integer up so that it doesn't equal what it did do before. Can someone give me a contextual example of the .replace() in action as it doesn't appear to work for me. I have thought up an idea of using "bad characters" and attempting to exclude (, ), ' and , from outputs but I am also struggling with that.

    Many thanks for any help!
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    43
    Rep Power
    2
    Ok string replace is very easy. Also nice to know I can use .replace without importing the string module.

    So immediately after this line:
    Code:
    resultString = str(result)
    You want to put in these lines to remove the apostrophes and brackets:
    Code:
    resultString=resultString.replace("(","")
    resultString=resultString.replace(")","")
    resultString=resultString.replace("\'","")
    The following resultString will have no ( ) ' characters



    Another way of doing the same thing, if you want to make a blacklist of characters (this would be an optimal way to handle this problem if you have a TON of characters you want to remove from the output):
    Code:
    blackList=["\'","(",")"]
    for i in range(len(blackList)):
        resultString=resultString.replace(blackList[i],"")
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    41
    Rep Power
    2
    Originally Posted by eliskan
    Ok string replace is very easy. Also nice to know I can use .replace without importing the string module.

    So immediately after this line:
    Code:
    resultString = str(result)
    You want to put in these lines to remove the apostrophes and brackets:
    Code:
    resultString=resultString.replace("(","")
    resultString=resultString.replace(")","")
    resultString=resultString.replace("\'","")
    The following resultString will have no ( ) ' characters



    Another way of doing the same thing, if you want to make a blacklist of characters (this would be an optimal way to handle this problem if you have a TON of characters you want to remove from the output):
    Code:
    blackList=["\'","(",")"]
    for i in range(len(blackList)):
        resultString=resultString.replace(blackList[i],"")
    Thank you again Eliskan. I shall give this a go and report back if I have any further issues (which I hope I don't )
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2012
    Posts
    43
    Rep Power
    2
    Originally Posted by Mastah^
    Thank you again Eliskan. I shall give this a go and report back if I have any further issues (which I hope I don't )

    Glad I could help!
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    41
    Rep Power
    2
    Eliskan, you are a legend. The replace function works a treat
  18. #10
  19. Contributing User
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Aug 2011
    Posts
    4,856
    Rep Power
    481
    Code:
    import string # reason to import string
    
    resultString = "(('4921000000000000',),)"
    
    print(''.join(i for i in resultString if i in string.digits))
    [code]Code tags[/code] are essential for python code and Makefiles!
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2007
    Location
    Joensuu, Finland
    Posts
    436
    Rep Power
    67
    Originally Posted by b49P23TIvg
    Code:
    import string # reason to import string
    Not really, since you can also use .isdigit() method

    Comments on this post

    • b49P23TIvg agrees : Oh!
    My armada: openSUSE 13.1 (home desktop, home laptop), Crunchbang Linux 11 (work laptop), Trisquel GNU/Linux 6.0.1 (mini laptop), Ubuntu 14.04 LTS (server), Android 4.2.1 (tablet), Windows 7 Ultimate (testbed)

IMN logo majestic logo threadwatch logo seochat tools logo