Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Andrey Shubin2015-02-12 12:57:40
SQL
Andrey Shubin, 2015-02-12 12:57:40

How to escape characters before inserting in sql query?

Hello! There is a rather large raw sql query in a flask application. There is an ORM SQLAlchemy, but, as I said, the query is too large to write it using orms, and besides, the query text is collected on the fly, depending on various conditions. To avoid SQL injection, characters contained in variables must be escaped before being inserted into a query. How can I do that? Perhaps there are some other options on how to collect and execute the request? Variables are inserted into the query by normal string concatenation.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vlad, 2015-02-12
@idegree

Collect a string and write% instead of variables, simultaneously collecting a list of variables, then execute through execute, orm will do everything by itself. The Mysql driver for python has an escape_string() function if it's so hard for you.

Similar questions
R
ratatyq2016-08-28 13:37:09
As developed not off. gta 5 server 4Reply
O
Obivankinobi2017-06-24 05:48:52
How to make the correct regularity? 3Reply
L
lox2562020-11-11 18:42:46
I get the error UnboundLocalError: local variable 'xod' referenced before assignment, how to fix it? 2Reply
J
Junior2019-01-06 19:30:47
How to implement it (PHP, SQL)? 1Reply
C
Carry2014-07-16 11:57:39
What server to select instead of access 2003? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question