SQL
Andrey Shubin, 2015-02-12 12:57:40

How to escape characters before inserting them into an SQL query?

Hello! There is a rather large raw SQL query in a Flask application. There is the SQLAlchemy ORM, but, as I said, the query is too large to write it using the ORM, and besides, the query text is assembled on the fly, depending on various conditions. To avoid SQL injection, characters contained in the variables must be escaped before being inserted into the query. How can I do that? Perhaps there are some other options for how to assemble and execute the query? The variables are inserted into the query by ordinary string concatenation.


1 answer(s)
Vlad, 2015-02-12
@idegree

Assemble the string and write % instead of the variables, collecting a list of the variables at the same time, then run it through execute; the ORM will do everything by itself. The MySQL driver for Python has an escape_string() function if it's so hard for you.
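The approach the answer describes, building the query text on the fly while collecting the values in a separate parameter list, as an added example (not the answerer's code). It assumes the standard-library sqlite3 module so it runs offline; sqlite3 uses `?` as the DB-API placeholder, whereas MySQLdb and PyMySQL use `%s`, so only the PLACEHOLDER constant changes. Note that the value `O'Brien` contains a quote and still needs no escaping, because the driver sends it separately from the SQL text.

```python
import sqlite3

# DB-API placeholder: sqlite3 uses "?", MySQLdb / PyMySQL use "%s".
# sqlite3 is assumed here only so that the example runs without a MySQL server.
PLACEHOLDER = "?"


def build_query(filters):
    """Assemble a SELECT from optional filters.

    Only trusted SQL fragments written in this function are concatenated;
    every caller-supplied value goes into the params list and is handed to
    the driver separately from the query text.  Returns (sql, params).
    """
    sql = "SELECT id, name, city FROM users"
    clauses = []
    params = []
    if "name" in filters:
        clauses.append(f"name = {PLACEHOLDER}")
        params.append(filters["name"])
    if "city" in filters:
        clauses.append(f"city = {PLACEHOLDER}")
        params.append(filters["city"])
    if "min_id" in filters:
        clauses.append(f"id >= {PLACEHOLDER}")
        params.append(filters["min_id"])
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    sql += " ORDER BY id"
    return sql, params


def find_users(conn, filters):
    """Run the assembled query and return the matching names in id order."""
    sql, params = build_query(filters)
    cur = conn.execute(sql, params)   # values bound by the driver, never spliced into sql
    return [row[1] for row in cur.fetchall()]


def make_demo_db():
    """Constructed in-memory sample table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    conn.executemany(
        "INSERT INTO users (name, city) VALUES (?, ?)",
        [("Anna", "Moscow"), ("O'Brien", "Dublin"), ("Boris", "Moscow")],
    )
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(build_query({"name": "O'Brien", "city": "Dublin"}))
    print(find_users(db, {"name": "O'Brien"}))
    print(find_users(db, {"min_id": 2, "city": "Moscow"}))
```

With SQLAlchemy the same idea applies to raw SQL: pass the text with bind parameters (`:name` style) and supply the values as a dictionary, rather than formatting them into the string.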
