Estou com medo de meu c�digo esteja vulner�vel a sql injection.[code=python]self._sqlhandle.connect(DB_USERS)connected = self._sqlhandle.chk_conn()logged_in = Falseif connected: user = str(...

SQL Injection em python

19/05/2021

Estou com medo de meu c�digo esteja vulner�vel a sql injection.

self._sqlhandle.connect(DB_USERS)
connected = self._sqlhandle.chk_conn()
logged_in = False

if connected:

    user = str(self._user_input.get())
    password = str(self._pass_input.get())

    self._sqlhandle.execute(f"""SELECT usuario FROM {self._sqlhandle.table_name[0]}""")

    for user_data in self._sqlhandle.cursor.fetchall():
	    if user == user_data[0]:
		    user_exist = True
		    break
	    else:
		    user_exist = False

Alguma opni�o?

Jefferson

Curtir t�pico + 0

Responder