From the documentation:
con.execute("insert into person(firstname) values (?)", ("Joe",))
This escapes "Joe", so what you want is
con.execute("insert into person(firstname) values (?)", (firstname_from_client,))
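The difference between binding the value and building the SQL text yourself, as an added example that is not part of the original answer or the documentation it quotes. The `person` table schema, the helper names and the sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample inputs: a plain name, a name containing a quote,
# and a value that closes the string literal and appends a second row.
SAMPLES = ["Joe", "O'Brien", "Ann'), ('Injected"]


def new_db():
    """In-memory database with the person table assumed by the answer."""
    con = sqlite3.connect(":memory:")
    con.execute("create table person(firstname text)")
    return con


def insert_concatenated(con, firstname):
    # Vulnerable 'before' form: the value becomes part of the SQL text,
    # so quotes inside it are parsed as SQL syntax.
    con.execute("insert into person(firstname) values ('%s')" % firstname)


def insert_bound(con, firstname):
    # Form from the answer: the statement text is fixed and the value is
    # passed separately as a bound parameter, never parsed as SQL.
    con.execute("insert into person(firstname) values (?)", (firstname,))


def demo(insert, values):
    """Run one insert strategy over values; return (stored rows, errors)."""
    con = new_db()
    errors = []
    for value in values:
        try:
            insert(con, value)
        except sqlite3.Error as exc:
            errors.append((value, type(exc).__name__))
    rows = con.execute("select firstname from person order by rowid")
    return [row[0] for row in rows], errors


if __name__ == "__main__":
    for strategy in (insert_concatenated, insert_bound):
        stored, errors = demo(strategy, SAMPLES)
        print(strategy.__name__, "stored:", stored, "errors:", errors)
```

With the bound form every input is stored exactly as supplied; with the concatenated form the quoted name fails to parse and the third input produces two rows instead of one.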