ChatGPT with Raw SQL Database Access

ChatGPT with Raw SQL Database Access

Disclaimer - This is not a smart thing to do, unless you're 110% certain of what you're doing, since you basically end up creating an AI-based SQL injection attack hole the size of the Niagara falls if you do it wrong. But it is possible!

With our sanity disclaimer out of the picture, let's get on with some code. First you'll need a Hyperlambda endpoint. 6 lines of code in a file called "execute-sql.get.hl" in one of your modules folders.

.arguments
   sql:string
auth.ticket.verify:root,admin
data.connect:magic
   data.select:x:@.arguments/*/sql
   return:x:-/*

Then create a new GPT and connect it to your API endpoint. This should look roughly as follows to get to the OpenAPI specification required to connect your GPT to your endpoint. Watch the video below to understand how to get authentication and authorisation correctly applied.

Connecting your GPT to your Magic API endpoint

Then if you ever had any doubts about whether or not creating such a thing in the first place was actually smart, maybe watch the following video before you proudly start sharing your creation to the world - Hint; DO NOT share it, and in fact, once you've tried it, you should probably delete the GPT, since it's basically the very definition of an SQL injection attack hole.

However, for school projects, learning SQL syntax and such, it might be a nice addition to your arsenal of tools as you play with SQL. If you never share it with anybody, it might be a nice addition to query your database, if you sanity check the SQL before writing "execute".

You can find my simple system instruction below. I suspect you can easily create a much better one if you try for some 10/15 minutes yourself. In total I spent about 5 minutes creating it.

You are a SQL expert, and I will give you instructions that you will transform into an SQL statement that you send to me execute-sql endpoint. Do not send the SQL before showing me and I confirm with "execute". Once you've executed the SQL, show me the result of the execution.

Thomas Hansen

Thomas Hansen I am the CTO of AINIRO.IO AS. I am a software developer with more than 25 years of experience. I write about Machine Learning, AI, and how to help organizations adopt said technologies. You can follow me on LinkedIn if you want to read more of what I write.

Published 4. Dec 2023