Protecting against SQL injection in python

by

From the documentation:

con.execute("insert into person(firstname) values (?)", ("Joe",))

This escapes "Joe", so what you want is

con.execute("insert into person(firstname) values (?)", (firstname_from_client,))

More Related Contents:

  1. What is SQL injection? [duplicate]
  2. How can prepared statements protect from SQL injection attacks?
  3. Can I protect against SQL injection by escaping single-quote and surrounding user input with single-quotes?
  4. Restrict an SQL Server connection to a specific IP address
  5. Grant SELECT permission on a view, but not on underlying objects
  6. Creating stored procedure getting Incorrect syntax near the keyword ‘Declare’
  7. Conversion failed when converting date and/or time from character string while inserting datetime
  8. What is the difference between Left, Right, Outer and Inner Joins? [duplicate]
  9. Fastest way to remove non-numeric characters from a VARCHAR in SQL Server
  10. Is it possible to make a recursive SQL query?
  11. Fetch the rows which have the Max value for a column for each distinct value of another column
  12. Run all SQL files in a directory
  13. Way to try multiple SELECTs till a result is available?
  14. Oracle: loading a large xml file?
  15. IF EXISTS condition not working with PLSQL
  16. unresolved reference to object [INFORMATION_SCHEMA].[TABLES]
  17. MySQL: How to copy rows, but change a few fields?
  18. Query that ignore the spaces
  19. Use SELECT inside an UPDATE query
  20. How to enable Ad Hoc Distributed Queries
  21. Postgres function returning table not returning data in columns
  22. Is htmlspecialchars enough to prevent an SQL injection on a variable enclosed in single quotes?
  23. How to find column names for all tables in all databases in SQL Server
  24. How to make a parametrized SQL Query on Classic ASP?
  25. passing SQL “IN” parameter list in jasperreport
  26. SQL update trigger only when column is modified
  27. How to get rid of “Error 1329: No data – zero rows fetched, selected, or processed”
  28. MSAccess – query to return result set of earliest rows with a unique combination of 2 columns
  29. How to detect query which holds the lock in Postgres?
  30. Get the first and last date of next month in MySQL

Leave a Comment