Using python with a sqlite DB - whats the method used for escaping the data going out and pulling the data coming out? Using pysqlite2 Google has conflicting suggestions.

Use the second parameter <code>args</code> to pass arguments; don't do the escaping yourself. Not only is this easier, it also helps prevent SQL injection attacks. <pre class="prettyprint"><code>cursor.execute(sql,args) </code></pre> for example, <pre class="prettyprint"><code>cursor.execute('INSERT INTO foo VALUES (?, ?)', ("It's okay", "No escaping necessary") ) </code></pre>

python and sqlite - escape input

1 Answers

Use the second parameter args to pass arguments; don't do the escaping yourself. Not only is this easier, it also helps prevent SQL injection attacks.

cursor.execute(sql,args)

for example,

cursor.execute('INSERT INTO foo VALUES (?, ?)', ("It's okay", "No escaping necessary") )

102

answered Sep 26 '22 03:09

unutbu

Recent Activity
Apple Pay - authorize.net returns error 153 only when live, sandbox works
How to continue cursor loop even error occured in the loop
python find all neighbours of a given node in a list of lists
Fatal error: Call to a member function setColumn() on a non-object in Magento
Count how many of each value from a field with MySQL and PHP
Python 32-bit development on 64-bit Windows [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

python and sqlite - escape input

Tags:

python

sqlite

pysqlite

Wizzard

1 Answers

unutbu

Recent Activity

Donate For Us

python and sqlite - escape input

Tags:

python

sqlite

pysqlite

Wizzard

1 Answers

unutbu

Related questions

Recent Activity

Donate For Us