b.santos/cursopython2023
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Evite SQL Injection ao usar placeholders para enviar valores para consulta SQL

Browse Source
This commit is contained in:
Luiz Otávio
2023-04-15 12:03:37 -03:00
parent f9b0a425e5
commit 58504588a9
1 changed files with 7 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
aula206/main.py
View File

@@ -36,17 +36,14 @@ with connection:
# Começo a manipular dados a partir daqui # Começo a manipular dados a partir daqui
with connection.cursor() as cursor: with connection.cursor() as cursor:
cursor.execute( # type: ignore sql = (
f'INSERT INTO {TABLE_NAME} ' f'INSERT INTO {TABLE_NAME} '
'(nome, idade) VALUES ("Luiz", 25) ' '(nome, idade) '
) 'VALUES '
cursor.execute( # type: ignore '(%s, %s) '
f'INSERT INTO {TABLE_NAME} '
'(nome, idade) VALUES ("Luiz", 25) '
)
result = cursor.execute( # type: ignore
f'INSERT INTO {TABLE_NAME} '
'(nome, idade) VALUES ("Luiz", 25) '
) )
data = ('Luiz', 18)
result = cursor.execute(sql, data) # type: ignore
print(sql, data)
print(result) print(result)
connection.commit() connection.commit()