sqlescapy

Python module to escape SQL special characters and quotes in strings

Project description

Python module to escape SQL special characters and quotes in strings

install: pip install sqlescapy

Assuming dangerous_input is a variable coming from a user input, a bad actor can exploit it to start injecting your database.

from sqlescapy import sqlescape

dangerous_input = "JhonWick'"

protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input)

protected_query = """

SELECT "foo_table".*, "bar_table".*
FROM "foo_table", "bar_table"
WHERE "foo_table".id = "bar_table".id
      AND %s
""" % protected_raw_statement

Project details

Release history Release notifications | RSS feed

This version

1.0.1

Sep 13, 2019

1.0.0

Sep 13, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for sqlescapy, version 1.0.1
Filename, size	File type	Python version	Upload date	Hashes
Filename, size sqlescapy-1.0.1-py3-none-any.whl (2.8 kB)	File type Wheel	Python version py3	Upload date Sep 13, 2019	Hashes View
Filename, size sqlescapy-1.0.1.tar.gz (1.5 kB)	File type Source	Python version None	Upload date Sep 13, 2019	Hashes View

Hashes for sqlescapy-1.0.1-py3-none-any.whl

Hashes for sqlescapy-1.0.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`3a50b4b1eb8971b51a3c097c37cd58921a8f9e296619534aed515116356f5fbf`
MD5	`44e3bc0456b1cdcaf50a26d1f015bc32`
BLAKE2-256	`c46abd5df7aeed348a0ac9d2d0417128ed82af6291bd76afb16254379a55ad3f`

Hashes for sqlescapy-1.0.1.tar.gz

Hashes for sqlescapy-1.0.1.tar.gz
Algorithm	Hash digest
SHA256	`281c27266e9f6934a7728a7272b2299bce395d0aeb12a314641add1ffd7e0872`
MD5	`f455a9c35e201ef642d5f946107c3940`
BLAKE2-256	`43bbd5077ee1599474af84393bc000212d2aa29e846e10044c4a5eb0813f2339`