I tried to find engine.execute-level solutions for SQL injection in SQLAlchemy, but I came across that this is possible via the ORM style.
How can we achieve it using the engine-level API?
You can use bind parameters with sqlalchemy.sql.expression.text to avoid SQL injection. Using the SQL/Core layer to build queries should also work of course, i.e. session.execute(select(my_table).where(my_table.c.id == some_id)).
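The two approaches from the answer, next to the string-formatted query they replace, as an added example that is not part of the original answer. The `users` table, the function names and the sample input are assumptions made for illustration; the queries go through `Connection.execute` on an in-memory SQLite engine.

```python
from sqlalchemy import (Column, Integer, MetaData, String, Table,
                        create_engine, select, text)

# Constructed sample schema and data (hypothetical names), in-memory SQLite.
engine = create_engine("sqlite://")
metadata = MetaData()
users = Table("users", metadata,
              Column("id", Integer, primary_key=True),
              Column("name", String, nullable=False))
metadata.create_all(engine)
with engine.begin() as conn:
    conn.execute(users.insert(), [{"name": "alice"}, {"name": "bob"}])


def find_unsafe(name):
    """String formatting: the input becomes part of the SQL text itself."""
    with engine.connect() as conn:
        return conn.execute(
            text("SELECT id, name FROM users WHERE name = '%s'" % name)
        ).fetchall()


def find_with_text(name):
    """text() with a :name bind parameter: the value is sent separately."""
    with engine.connect() as conn:
        stmt = text("SELECT id, name FROM users WHERE name = :name")
        return conn.execute(stmt, {"name": name}).fetchall()


def find_with_core(name):
    """Core expression: the compared value is compiled to a bind parameter."""
    with engine.connect() as conn:
        stmt = select(users.c.id, users.c.name).where(users.c.name == name)
        return conn.execute(stmt).fetchall()


# Constructed hostile input: a quote that rewrites the WHERE clause if inlined.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    print("unsafe:", find_unsafe(HOSTILE))      # every row comes back
    print("text(): ", find_with_text(HOSTILE))  # no user has that literal name
    print("core:  ", find_with_core(HOSTILE))
    print("normal:", find_with_text("alice"))
```

With bind parameters the driver treats the whole input as one string value, so the quote never reaches the SQL parser as syntax.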