Python module to escape SQL special characters and quotes in strings
Project description
Python module to escape SQL special characters and quotes in strings
Assuming dangerous_input
is a variable coming from a user input, a bad actor can exploit it to start injecting your database.
dangerous_input = "JhonWick'"
protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input)
protected_query = """
SELECT "foo_table".*, "bar_table".*
FROM "foo_table", "bar_table"
WHERE "foo_table".id = "bar_table".id
AND %s
""" % protected_raw_statement
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
sqlescapy-1.0.0.tar.gz
(1.5 kB
view hashes)
Built Distribution
Close
Hashes for sqlescapy-1.0.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5da26ffc1327ce9b96cc2f493b5057d6fcef936121b78bf0da98964e4dd049f5 |
|
MD5 | c6a4adcc0add69c87496c5752d1c05ef |
|
BLAKE2b-256 | 800fc0be556ada12acf635725cb1aa89131dc86e6f4f9653148f2499ed8b1bb1 |