I want to insert beacon scan result in to a database using python and mysql
Michael Torrie
torriem at gmail.com
Thu Nov 10 10:36:30 EST 2016
On 11/10/2016 06:15 AM, Dennis Lee Bieber wrote:
> On Wed, 9 Nov 2016 21:05:50 -0800 (PST), sudeeratechneed at gmail.com
> declaimed the following:
>
>>
>> sql = "insert into beacon VALUES(null, '%s')" % \
>> (beacon)
>>
> DON'T DO THAT...
Wouldn't hurt to include a brief why on this, and the right way to do
this. The why is, of course, that this operation is vulnerable to SQL
injection. This should be avoided as a matter of practice, even if
you're not taking input from anyone but yourself. The correct way to do
this is to use a prepared statement. And of course the relevant xkcd
is: https://xkcd.com/327/
More information about the Python-list
mailing list