python (12.9k questions)

javascript (9.2k questions)

reactjs (4.7k questions)

java (4.2k questions)

java (4.2k questions)

c# (3.5k questions)

c# (3.5k questions)

html (3.3k questions)

Questions - sql-injection

Why is PyMySQL not vulnerable to SQL injection attacks?

I am new to PyMySQL and just tried to execute a query: c.execute('''INSERT INTO mysql_test1 ( data, duration, ...
test-img

felixjrd

python

mysql

sql-injection

pymysql

string-operations

Votes: 0

Answers: 1

Latest Answer

It's a pity that the designers of pymysql chose to use %s as the parameter placeholder. It confuses many developers because that's the same as the %s used in string-formatting functions. But it's not ...
test-img

Bill Karwin

To prevent SQL-injection in user-defined formulae, is character whitelisting enough?

In my SaaS app, I want to give customers user-defined arithmetic expression formulae, with plus minus multiple and divide, and if else For example, the customer might enter a formula like CASE WHEN sa...
test-img

Max

sql-injection

Votes: 0

Answers: 1

Latest Answer

No, using a regular expression like the one you show would not protect against unauthorized expressions. The example of allowing a user to write an expression and executing a query including that expr...
test-img

Bill Karwin

Python : Safe way to insert multiple values to psql table

So to insert multiple values to my psql table I use the following code: sql_query = "INSERT INTO %s(%s) VALUES(%%s,%%s,%%s)" % (table_name, my_columns) cursor = connection.cursor() cursor.ex...
test-img

foxel

python

python-3.x

psycopg2

sql-injection

psql

Votes: 0

Answers: 0

Should I care about sql injection after user has been authenticated?

Does make sense to check on malicious SQL input from an authenticated user?
test-img

Chi

sql

salesforce

sql-injection

soql

Votes: 0

Answers: 2

Latest Answer

An authenticated user can inject queries that bypasses his security settings if such a query doesn't enforce security checks on fields/objects. Also if a class is defined as without sharing, a simple ...
test-img

debugger

Posts

Questions

Blogs

Jobs