Python module to escape SQL special characters and quotes in strings

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License

Author: Imad ElOuajib

Requires: Python >=2.7

Maintainers

Avatar for ielouajib from gravatar.com ielouajib

Classifiers

Project description

Python module to escape SQL special characters and quotes in strings

install: pip install sqlescapy

Assuming dangerous_input is a variable coming from a user input, a bad actor can exploit it to start injecting your database.

from sqlescapy import sqlescape

dangerous_input = "JhonWick'"

protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input)

protected_query = """

SELECT "foo_table".*, "bar_table".*
FROM "foo_table", "bar_table"
WHERE "foo_table".id = "bar_table".id
      AND %s
""" % protected_raw_statement

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License

Author: Imad ElOuajib

Requires: Python >=2.7

Maintainers

Avatar for ielouajib from gravatar.com ielouajib

Classifiers


Release history Release notifications | RSS feed

This version

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sqlescapy-1.0.1.tar.gz (1.5 kB view hashes)

Uploaded source

Built Distribution

sqlescapy-1.0.1-py3-none-any.whl (2.8 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page