Python module to escape SQL special characters and quotes in strings
Project description
Python module to escape SQL special characters and quotes in strings
install:
pip install sqlescapy
Assuming dangerous_input
is a variable coming from a user input, a bad actor can exploit it to start injecting your database.
from sqlescapy import sqlescape
dangerous_input = "JhonWick'"
protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input)
protected_query = """
SELECT "foo_table".*, "bar_table".*
FROM "foo_table", "bar_table"
WHERE "foo_table".id = "bar_table".id
AND %s
""" % protected_raw_statement
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
sqlescapy-1.0.1.tar.gz
(1.5 kB
view hashes)
Built Distribution
Close
Hashes for sqlescapy-1.0.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3a50b4b1eb8971b51a3c097c37cd58921a8f9e296619534aed515116356f5fbf |
|
MD5 | 44e3bc0456b1cdcaf50a26d1f015bc32 |
|
BLAKE2b-256 | c46abd5df7aeed348a0ac9d2d0417128ed82af6291bd76afb16254379a55ad3f |