Python module to escape SQL special characters and quotes in strings
Project description
Install:

```
pip install sqlescapy
```
Assuming `dangerous_input` is a variable that comes from user input, a bad actor can exploit it to inject SQL into your database queries. Pass it through `sqlescape` before formatting it into a statement:
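```python
from sqlescapy import sqlescape

# Value received from the user; note the trailing single quote.
dangerous_input = "JhonWick'"

# Escape the value before formatting it into the quoted SQL literal.
protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input)

# Append the protected condition to the rest of the query.
protected_query = """
SELECT "foo_table".*, "bar_table".*
FROM "foo_table", "bar_table"
WHERE "foo_table".id = "bar_table".id
AND %s
""" % protected_raw_statement
```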
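An added example, not part of the sqlescapy project: the same two-table query run against an in-memory SQLite database, comparing unescaped string formatting with a driver-bound parameter, which is the usual first choice when the driver supports it and leaves escaping for values that cannot be bound. The sample rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with the page's two tables (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE foo_table (id INTEGER PRIMARY KEY, username TEXT);
        CREATE TABLE bar_table (id INTEGER PRIMARY KEY, email TEXT);
    """)
    conn.executemany("INSERT INTO foo_table VALUES (?, ?)",
                     [(1, "JhonWick'"), (2, "alice")])
    conn.executemany("INSERT INTO bar_table VALUES (?, ?)",
                     [(1, "jw@example.test"), (2, "alice@example.test")])
    return conn

# Same join as the page's query; {} is filled with either a literal or a placeholder.
QUERY = """
SELECT "foo_table".username, "bar_table".email
FROM "foo_table", "bar_table"
WHERE "foo_table".id = "bar_table".id
AND "foo_table".username = {}
"""

def find_user_formatted(conn, username):
    """Unescaped string formatting: the input becomes part of the SQL text."""
    return conn.execute(QUERY.format("'%s'" % username)).fetchall()

def find_user_bound(conn, username):
    """Bound parameter: the driver passes the value separately from the SQL text."""
    return conn.execute(QUERY.format("?"), (username,)).fetchall()

def demo():
    """Run both variants with the page's input and report what each one does."""
    conn = make_db()
    dangerous_input = "JhonWick'"
    try:
        find_user_formatted(conn, dangerous_input)
        formatted_result = "ran"
    except sqlite3.OperationalError:
        # The stray quote changes how the statement is parsed.
        formatted_result = "syntax error"
    return formatted_result, find_user_bound(conn, dangerous_input)

if __name__ == "__main__":
    print(demo())
```

With the bound parameter the trailing quote is matched as data, so the row whose username is literally `JhonWick'` is returned unchanged.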
Download files
Filename, size | File type | Python version |
---|---|---|
sqlescapy-1.0.1-py3-none-any.whl (2.8 kB) | Wheel | py3 |
sqlescapy-1.0.1.tar.gz (1.5 kB) | Source | None |
Hashes for sqlescapy-1.0.1-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | 3a50b4b1eb8971b51a3c097c37cd58921a8f9e296619534aed515116356f5fbf |
MD5 | 44e3bc0456b1cdcaf50a26d1f015bc32 |
BLAKE2-256 | c46abd5df7aeed348a0ac9d2d0417128ed82af6291bd76afb16254379a55ad3f |