Is a SQLAlchemy query vulnerable to injection attacks?

by

The underlying db-api library for whatever database you’re using (sqlite3, psycopg2, etc.) escapes parameters. SQLAlchemy simply passes the statement and parameters to execute, the driver does whatever is needed. Assuming you are not writing raw SQL that includes parameters yourself, you are not vulnerable to injection. Your example is not vulnerable to injection.

More Related Contents:

  1. How to execute raw SQL in Flask-SQLAlchemy app
  2. jsonify a SQLAlchemy result set in Flask [duplicate]
  3. Flask-SQLAlchemy import/context issue
  4. How to build a flask application around an already existing database?
  5. Flask Download a File
  6. Implementing Flask-Login with multiple User Classes
  7. Flask sqlalchemy many-to-many insert data
  8. How to delete a record by id in Flask-SQLAlchemy
  9. Flask-SQLAlchemy db.create_all() raises RuntimeError working outside of application context
  10. Get inserted key before commit session
  11. Querying with function on Flask-SQLAlchemy model gives BaseQuery object is not callable error
  12. AttributeError: ‘int’ object has no attribute ‘_sa_instance_state’
  13. ImportError: No module named flaskext.sqlalchemy
  14. Getting first row from sqlalchemy
  15. flask-sqlalchemy or sqlalchemy
  16. Flask-SQLAlchemy Constructor
  17. Flask, SQLAlchemy : KeyError: ‘SQLALCHEMY_TRACK_MODIFICATIONS’
  18. Tyring to set up modelview with Flask-Admin causes ImportError
  19. SQLAlchemy ordering by count on a many to many relationship
  20. flask sqlalchemy query with keyword as variable
  21. Flask raises TemplateNotFound error even though template file exists
  22. Reference template variable within Jinja expression
  23. Is the server bundled with Flask safe to use in production?
  24. Handle Flask requests concurrently with threaded=True
  25. Make a POST request while redirecting in flask
  26. redirect while passing arguments
  27. What is the purpose of Flask’s context stacks?
  28. Remove unnecessary whitespace from Jinja rendered template
  29. Extending Flask class as main App
  30. Gunicorn can’t find app when name changed from “application”

Leave a Comment