mysqldb,sqlalchemy和flask-sqlalchemy执行raw sql时如何防止sql注入

mysqldb

c=db.cursor()
max_price=5
c.execute("""SELECT spam, eggs, sausage FROM breakfast
          WHERE price < %s""", [max_price])

sqlalchemy

from sqlalchemy.sql import text
t = text("select * from test where id= :tid")
conn.execute(t, tid=1).fetchall()

flask-sqlalchemy

db = SQLAlchemy(app)
conn = db.session.connection()

@app.route('/')
def index():
    rv = conn.execute('select * from test where id = %s', [1])
    return jsonify(rv)
    原文作者:icheeringsoul
    原文地址: https://segmentfault.com/a/1190000007627415
    本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系博主进行删除。
点赞