Here is an example of how to prevent SQL injection in Python using parameterized queries:

```python
import mysql.connector

# connect to the database
db = mysql.connector.connect(
    host="localhost",
    user="user",
    password="password",
    database="database"
)

# prepare a cursor object
cursor = db.cursor()

# define the SQL query with placeholders for the parameters;
# mysql.connector uses the %s paramstyle, the driver does the quoting
query = "SELECT * FROM users WHERE username=%s AND password=%s"

# get the user-supplied values for the parameters
username = input("Enter your username: ")
password = input("Enter your password: ")

# execute the query, passing the user-supplied values as a separate
# parameter tuple so they are never spliced into the SQL text
# (note: a real application would compare against a stored password
# hash rather than a plaintext password column)
cursor.execute(query, (username, password))

# fetch and process the result set
result = cursor.fetchone()
if result:
    print("Welcome, {}!".format(username))
else:
    print("Invalid username or password")

# close the cursor and database connection
cursor.close()
db.close()
```
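As an added, self-contained illustration (not part of the original snippet), the block below puts the string-formatted query next to its parameterized form and shows the difference on an input that contains a quote character. It uses the standard-library `sqlite3` driver with an in-memory database so it runs offline; note that `sqlite3` uses the `?` paramstyle where `mysql.connector` uses `%s`, so the placeholder syntax differs by driver. The `users` table, the `o'brien` account and its password are constructed sample data. It also goes one step beyond the snippet above by keeping a salted PBKDF2 hash instead of a plaintext password column and comparing it in constant time with `hmac.compare_digest`.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ITERATIONS = 100_000  # assumption: a modest work factor for the demo


def setup_db():
    """Build a constructed in-memory database with a single sample user."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)"
    )
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, PBKDF2_ITERATIONS)
    # The sample username deliberately contains a single quote.
    conn.execute("INSERT INTO users VALUES (?, ?, ?)", ("o'brien", salt, pw_hash))
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable form: the value is spliced into the SQL text itself.

    Any quote in the input is parsed as SQL syntax, which is the root
    cause of SQL injection. Here it surfaces as a parse error.
    """
    query = "SELECT username FROM users WHERE username='{}'".format(username)
    return conn.execute(query).fetchone()


def lookup_safe(conn, username):
    """Hardened form: the value travels as a bound parameter, never as SQL."""
    query = "SELECT username FROM users WHERE username=?"
    return conn.execute(query, (username,)).fetchone()


def verify_login(conn, username, password):
    """Parameterized lookup plus a hash comparison done in Python.

    The password is never sent to the database at all; the stored salt
    and hash are fetched for the given user and checked locally.
    """
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username=?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, stored_hash = row
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, stored_hash)


if __name__ == "__main__":
    conn = setup_db()
    try:
        lookup_unsafe(conn, "o'brien")
    except sqlite3.Error as exc:
        print("unsafe lookup: input was parsed as SQL ->", exc)
    print("safe lookup:", lookup_safe(conn, "o'brien"))
    print("login ok:", verify_login(conn, "o'brien", "correct horse"))
    print("login bad:", verify_login(conn, "o'brien", "wrong"))
```

The unsafe function fails on a perfectly legitimate username because the quote is interpreted by the SQL parser; the same mechanism is what lets hostile input change the meaning of a query. The parameterized version returns the row, since the driver hands the value to the engine as data.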
Python software and documentation are licensed under the PSF License Agreement.
Starting with Python 3.8.6, examples, recipes, and other code in the documentation are dual licensed under the PSF License Agreement and the Zero-Clause BSD license.
Some software incorporated into Python is under different licenses. The licenses are listed with code falling under that license. See Licenses and Acknowledgements for Incorporated Software for an incomplete list of these licenses.
Python and its documentation are:
Copyright © 2001-2022 Python Software Foundation. All rights reserved.
Copyright © 2000 BeOpen.com. All rights reserved.
Copyright © 1995-2000 Corporation for National Research Initiatives. All rights reserved.
Copyright © 1991-1995 Stichting Mathematisch Centrum. All rights reserved.
See History and License for complete license and permissions information:
https://docs.python.org/3/license.html#psf-license