Skip to main content

Python module to escape SQL special characters and quotes in strings

Project description

Python module to escape SQL special characters and quotes in strings

install: pip install sqlescapy

Assuming dangerous_input is a variable coming from a user input, a bad actor can exploit it to start injecting your database.

from sqlescapy import sqlescape

dangerous_input = "JhonWick'"

protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input)

protected_query = """

SELECT "foo_table".*, "bar_table".*
FROM "foo_table", "bar_table"
WHERE "foo_table".id = "bar_table".id
      AND %s
""" % protected_raw_statement

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for sqlescapy, version 1.0.1
Filename, size File type Python version Upload date Hashes
Filename, size sqlescapy-1.0.1-py3-none-any.whl (2.8 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size sqlescapy-1.0.1.tar.gz (1.5 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page