Is the library SQL injection safe? #77
kishaningithub asked this question in Q&A
If I pass in the parameters of a query directly from an input source, are they sanitized to prevent SQL injection? Or should something like jinjasql be used to sanitize the SQL params?
Answered by Brooke-white, Jan 24, 2022
redshift_connector uses parameterized statements by default, as a protector against SQL injection.

```python
cursor.execute("select * from my_table where some_col = %s", (some_value,))
```

Using parameterized statements is safer than using approaches such as string concatenation, shown below:

```python
cursor.execute("select * from my_table where some_col = {}".format("'hello world'"))
```

Please let me know if there is anything else I can clarify.
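The difference the answer describes, as an added example that is not part of the discussion or of redshift_connector itself. It runs offline against an in-memory sqlite3 database standing in for Redshift, so the placeholder is sqlite3's `?` rather than the `%s` of redshift_connector's default `format` paramstyle; the table, rows and the `O'Brien` value are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed stand-in for a Redshift table; contents are sample data only.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table my_table (some_col text, secret text)")
    conn.executemany(
        "insert into my_table values (?, ?)",
        [("hello world", "a"), ("O'Brien", "b")],
    )
    return conn


def concat_query(cursor, some_value):
    # The pattern the answer warns against: the value is pasted into the SQL text,
    # so the database parses whatever it contains as part of the statement.
    sql = "select some_col from my_table where some_col = '{}'".format(some_value)
    cursor.execute(sql)
    return [row[0] for row in cursor.fetchall()]


def param_query(cursor, some_value):
    # Parameterized form: the SQL text is fixed and the value travels separately,
    # so quotes inside the value never change the statement's structure.
    cursor.execute("select some_col from my_table where some_col = ?", (some_value,))
    return [row[0] for row in cursor.fetchall()]


def compare(some_value):
    # Run both forms on the same input; concatenation failures are returned as text.
    cur = make_db().cursor()
    try:
        concat = concat_query(cur, some_value)
    except sqlite3.Error as exc:
        concat = "error: {}".format(exc)
    param = param_query(cur, some_value)
    return concat, param


if __name__ == "__main__":
    # A plain value works either way; a value containing a quote breaks the
    # concatenated statement but is matched correctly when bound as a parameter.
    print(compare("hello world"))
    print(compare("O'Brien"))
```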