How do I write SQL safely in Python and avoid injection?

When working with databases in Python, it's critical to write SQL queries safely to avoid SQL injection attacks. This can be done by using parameterized queries or prepared statements, which allow you to separate SQL logic from user input.

Here's an example using the sqlite3 module from the Python standard library. The ? placeholders are filled in by the driver with the values in the tuple; the values are bound as data and are never parsed as SQL, so a quote or comment marker in the input cannot change the statement:

import sqlite3

# Connect to the database
connection = sqlite3.connect('example.db')
cursor = connection.cursor()

# Create a table (IF NOT EXISTS so the script can be run more than once)
cursor.execute('''CREATE TABLE IF NOT EXISTS users (username TEXT, password TEXT)''')

# Safe insertion of user data: the values go in the tuple, not in the SQL string
username = "user_input_username"
password = "user_input_password"
cursor.execute('INSERT INTO users (username, password) VALUES (?, ?)', (username, password))

# Commit the changes and close the connection
connection.commit()
connection.close()
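To make the difference concrete, here is an added example (not part of the original answer) that puts a string-formatted login query next to a parameterized one and runs two classic injection inputs against both, using an in-memory sqlite3 database with constructed sample rows. It also shows the one case placeholders cannot cover, a column name chosen by the user, which has to be checked against an allowlist instead. The function names, the sample users and the passwords are assumptions made for the example.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Create an in-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample rows for the demo. Real code should store a
    # password hash, never the plaintext; that topic is out of scope here.
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Builds the statement by string formatting, so user input becomes SQL code.
    Kept deliberately vulnerable to show what injection looks like."""
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Same query with ? placeholders: sqlite3 binds the values as data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))


# Placeholders bind values only. Table and column names cannot be bound,
# so anything the user chooses there must be validated against a fixed set.
ALLOWED_SORT_COLUMNS = {"username"}


def list_users(conn: sqlite3.Connection, order_by: str) -> list:
    """Order the user list by a caller-chosen column, guarded by an allowlist."""
    if order_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    # Safe to interpolate only because order_by was just checked.
    sql = f'SELECT username FROM users ORDER BY "{order_by}"'
    return [row[0] for row in conn.execute(sql)]


def demo() -> dict:
    """Run both login functions against two well-known injection payloads."""
    conn = setup_db()
    tautology = "' OR '1'='1"   # turns the WHERE clause into ... OR '1'='1'
    comment = "alice' --"       # closes the quote and comments out the password check
    return {
        "vulnerable_tautology": login_vulnerable(conn, "alice", tautology),  # every user
        "safe_tautology": login_safe(conn, "alice", tautology),              # []
        "vulnerable_comment": login_vulnerable(conn, comment, "wrong"),      # ['alice']
        "safe_comment": login_safe(conn, comment, "wrong"),                  # []
        "safe_correct": login_safe(conn, "alice", "correct-horse"),          # ['alice']
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the tautology payload the formatted query becomes `... WHERE username = 'alice' AND password = '' OR '1'='1'`, which matches every row; the parameterized version compares the password column against the literal string `' OR '1'='1` and matches nothing. The `--` payload shows the other common trick, commenting out the rest of the statement, and again only the formatted version is affected.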

Tags: SQL injection, parameterized queries, SQLite3, Python, database security, prepared statements