简体繁体中英

Django request.POST.get SQL injection

原文 2014-04-07 02:22:40 9 1 python/ django

I'm currently getting POST data using the method request.POST.get(). I'd like to know if this method gives me raw POST data or if it's correctly escaping and protected against SQL injection.

Thank you in advance for your help.

Galaf

1 answers

If you're feeding the result of request.POST right into a SQL query (ie, without using the Django ORM), you will most definitely be vulnerable to SQL injection.

But, if you are using the Django ORM (or another well-written ORM, such as SQLAlchemy), all of your input data will be sanitized.

tldr; you're safe

request.POST.get with django

request.post.get() is empty — Django

django: request.POST.get() returns NoneType

request.POST.get() gives None in django

Django request.POST.get() returns None

Request.POST.get not working for me in django, returning default value

Django - HTML form does not submit (request.POST.get(…) is empty)

Django Form request.POST.get() always returns empty

When printing out data from a POST request, request.POST.get() returns None in Django App

request.POST.get returns NULL

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question request.POST.get with django request.post.get() is empty — Django django: request.POST.get() returns NoneType request.POST.get() gives None in django Django request.POST.get() returns None Request.POST.get not working for me in django, returning default value Django - HTML form does not submit (request.POST.get(…) is empty) Django Form request.POST.get() always returns empty When printing out data from a POST request, request.POST.get() returns None in Django App request.POST.get returns NULL

Related Tags

Django request.POST.get SQL injection

Question

1 answers

solution1 1 ACCPTED 2014-04-07 02:29:02

solution1
1 ACCPTED 2014-04-07 02:29:02