[Tutor] SQLite, Python and SQL injection attacks

Emile van Sebille emile at fenx.com
Fri Aug 14 22:23:40 CEST 2015

On 8/14/2015 11:40 AM, boB Stepp wrote:
> I was just looking at the sqlite3 docs at
> https://docs.python.org/3/library/sqlite3.html?highlight=sqlite#module-sqlite3
> and found the following cheery news:
> "Usually your SQL operations will need to use values from Python
> variables. You shouldn’t assemble your query using Python’s string
> operations because doing so is insecure; it makes your program
> vulnerable to an SQL injection attack ..."

See http://bobby-tables.com/ for more info.
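
The point of the quoted sqlite3 documentation, as an added example that is not part of the original post: the same lookup built with string formatting and with a `?` placeholder, run against a constructed in-memory table. The table, function names and sample input are hypothetical; the allow-list for the sort column goes slightly beyond the quoted text, because placeholders bind values only, not column or table names.

```python
import sqlite3

# Assumed allow-list: identifiers cannot be bound with ?, so they are checked.
ALLOWED_SORT_COLUMNS = {"name", "grade"}


def make_db():
    """Build a small in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE students (name TEXT, grade INTEGER)")
    conn.executemany(
        "INSERT INTO students VALUES (?, ?)",
        [("alice", 90), ("bob", 75), ("carol", 82)],
    )
    return conn


def find_unsafe(conn, name):
    """Insecure: the value is pasted into the SQL text, so it can change the query."""
    query = "SELECT name, grade FROM students WHERE name = '%s'" % name
    return conn.execute(query).fetchall()


def find_safe(conn, name, order_by="name"):
    """The value travels separately through a ? placeholder and stays data."""
    if order_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unexpected sort column: %r" % order_by)
    query = "SELECT name, grade FROM students WHERE name = ? ORDER BY " + order_by
    return conn.execute(query, (name,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("string-built:", find_unsafe(conn, crafted))  # WHERE clause rewritten
    print("placeholder: ", find_safe(conn, crafted))    # treated as a literal name
    print("normal use:  ", find_safe(conn, "bob"))
```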

