sqlalchemy protection against sql injections- using engine.execute() api
Question
I tried to find a method for using sqlalchemy's engine.execute level solutions for sql injections, but I came across this is possible via ORM style.
How can we achieve it using engine-level api?
1 answers
solution1
1 2023-01-17 05:02:01
You can use bind parameters with sqlalchemy.sql.expression.text to avoid SQL injection. Also using the sql/core layer to build queries should also work of course, ie. session.execute(select(my_table).where(id=some_id)).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Using SQLAlchemy to execute an SQL statement with named parameters
Set timezone when using pandas read_sql and SQLAlchemy engine
SQL Server Query Won't Commit Using SQLAlchemy Engine
How to execute sql stored procedure with multiple date parameters using sqlalchemy in pandas
execute many sql statements at the same time with sqlalchemy
How to get value from sqlalchemy .execute() method? Python + Sqlalchemy+ MS SQL server
Run alembic operations manually by code, using an sqlalchemy engine
how to execute query on simple vertical partitioning in sqlalchemy using python
Using SQLAlchemy declarative base with SQL Model
Update value in SQL table using SqlAlchemy in python?
Related Tags