How to operate mysql in python to prevent your own program from being maliciously injected later (to put it bluntly, I am asking about some key points of anti-injection in python)
滿天的星座2017-06-14 10:50:54
0
2
819
Is it necessary to refer to previous anti-injection documents in languages such as php or java? It’s really hard to find anti-injection documentation related to python
1.Pass
Anti-injection.
2.If passed
This format requires MySQLdb.escape_string(name) to prevent injection.
It is recommended to use the first one.
One thing I know is not to use sql.format("x1", "x2"), but to pass the parameters to cursor.execute for processing