[Tutor] SQLite, Python and SQL injection attacks
Emile van Sebille
emile at fenx.com
Fri Aug 14 22:23:40 CEST 2015
On 8/14/2015 11:40 AM, boB Stepp wrote:
> I was just looking at the sqlite3 docs at
>
> https://docs.python.org/3/library/sqlite3.html?highlight=sqlite#module-sqlite3
>
> and found the following cheery news:
>
> "Usually your SQL operations will need to use values from Python
> variables. You shouldn’t assemble your query using Python’s string
> operations because doing so is insecure; it makes your program
> vulnerable to an SQL injection attack ..."
See http://bobby-tables.com/ for more info.
Emile
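
The difference the quoted sqlite3 documentation describes, as an added example that is not part of the original post or the Python docs: the same lookup written with string assembly and with a `?` placeholder. The table, rows, function names and the input string are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT, grade TEXT)")
    conn.executemany(
        "INSERT INTO students VALUES (?, ?)",
        [("alice", "A"), ("bob", "C"), ("carol", "B")],
    )
    return conn

def lookup_unsafe(conn, name):
    # Insecure: the value is pasted into the SQL text, so any quote
    # character in it is parsed as SQL syntax rather than as data.
    query = "SELECT name, grade FROM students WHERE name = '%s'" % name
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    # Secure: the ? placeholder passes the value separately from the
    # statement, so it is only ever compared as a string.
    query = "SELECT name, grade FROM students WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

# Constructed input that contains SQL syntax instead of a plain name.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("unsafe:", lookup_unsafe(conn, HOSTILE))  # every row comes back
    print("safe:  ", lookup_safe(conn, HOSTILE))    # no row has that name
    print("safe:  ", lookup_safe(conn, "bob"))      # normal lookup still works
```

The placeholder form also handles ordinary names containing an apostrophe, which make the string-assembled query fail with a syntax error.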