Sanitizing SQL input in python

published Dec 03, 2012 05:37   by admin ( last modified Dec 03, 2012 05:37 )

I'm toying with a fictional employees database containing 300'000 records as a back-end for a course in backbone.js. I use bottle.py to convert to and from JSON over HTTP, and I needed a way of sanitizing (untainting) what the user sends back to the database. I found this:
Note that the placeholder syntax depends on the database you are using.
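The point above, shown as an added example (not code from the original post or from bobby-tables.com): the same lookup against a constructed in-memory sqlite3 stand-in for the employees table, once with string formatting and once with a driver placeholder, plus a lookup of the placeholder style a DB-API module advertises.

```python
import sqlite3

# Constructed sample rows standing in for the employees table.
EMPLOYEES = [
    (1, "Alice", "Engineering"),
    (2, "Bob", "Sales"),
    (3, "Carol", "Engineering"),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", EMPLOYEES)
    return conn


def find_by_dept_unsafe(conn, dept):
    """Vulnerable: the user-supplied value becomes part of the SQL text."""
    sql = "SELECT name FROM employees WHERE dept = '%s' ORDER BY id" % dept
    return [row[0] for row in conn.execute(sql)]


def find_by_dept_safe(conn, dept):
    """Parameterized: the driver binds the value, so quotes stay data, not code.
    sqlite3 uses '?' as the placeholder; psycopg2 and MySQLdb use '%s'."""
    sql = "SELECT name FROM employees WHERE dept = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (dept,))]


def placeholder(module):
    """Map a PEP 249 module's paramstyle to the placeholder it expects.
    sqlite3 reports 'qmark'; psycopg2 and MySQLdb report 'pyformat'."""
    return {"qmark": "?", "numeric": ":1", "named": ":name",
            "format": "%s", "pyformat": "%s"}[module.paramstyle]


if __name__ == "__main__":
    conn = make_db()
    tainted = "Sales' OR '1'='1"  # constructed input that closes the quote
    print(find_by_dept_unsafe(conn, tainted))  # every row leaks out
    print(find_by_dept_safe(conn, tainted))    # no department has that name
    print("sqlite3 placeholder:", placeholder(sqlite3))
```

The two functions differ only in who handles the quoting: the driver, with the placeholder style that module declares in `paramstyle`, or the application, by hand.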

Read more: bobby-tables.com: A guide to preventing SQL injection in Python