From 58504588a9b89613c39e5917193c99287c720b9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luiz=20Ot=C3=A1vio?= <luizomf@gmail.com>
Date: Sat, 15 Apr 2023 12:03:37 -0300
Subject: [PATCH] Evite SQL Injection ao usar placeholders para enviar valores
 para consulta SQL

---
 aula206/main.py | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/aula206/main.py b/aula206/main.py
index e5c831e..9c645a2 100644
--- a/aula206/main.py
+++ b/aula206/main.py
@@ -36,17 +36,14 @@ with connection:
     # Começo a manipular dados a partir daqui
 
     with connection.cursor() as cursor:
-        cursor.execute(  # type: ignore
+        sql = (
             f'INSERT INTO {TABLE_NAME} '
-            '(nome, idade) VALUES ("Luiz", 25) '
-        )
-        cursor.execute(  # type: ignore
-            f'INSERT INTO {TABLE_NAME} '
-            '(nome, idade) VALUES ("Luiz", 25) '
-        )
-        result = cursor.execute(  # type: ignore
-            f'INSERT INTO {TABLE_NAME} '
-            '(nome, idade) VALUES ("Luiz", 25) '
+            '(nome, idade) '
+            'VALUES '
+            '(%s, %s) '
         )
+        data = ('Luiz', 18)
+        result = cursor.execute(sql, data)  # type: ignore
+        print(sql, data)
         print(result)
     connection.commit()