Python Security Guide

Python Security Guide

Database

SQL Injection

Syntax for binding parameters in a database query (pass values as bound parameters, not by string formatting):

# Connect() is the project's own connection helper; it wraps a DB-API 2.0
# connection in the .db attribute.
conn = Connect()
cursor = conn.db.cursor()
# %(id)s is the DB-API "pyformat" paramstyle (psycopg2, mysqlclient, PyMySQL).
# The driver binds provider_id as a value, so it can never be parsed as SQL.
cursor.execute(
    """
    SELECT * FROM providers WHERE providerID=%(id)s
    """,
    {'id': provider_id},
)
result = cursor.fetchone()
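As an added example (not part of the original guide), the same query written both ways against a constructed in-memory SQLite table, so the effect of a hostile parameter can be compared. sqlite3 uses the named paramstyle (:id) where the guide's driver uses pyformat (%(id)s); the binding mechanism is the same.

```python
import sqlite3

# Constructed sample data, not taken from any real system.
PROVIDERS = [(1, "alpha"), (2, "beta"), (3, "gamma")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE providers (providerID INTEGER, name TEXT)")
    conn.executemany("INSERT INTO providers VALUES (?, ?)", PROVIDERS)
    return conn


def lookup_unsafe(conn, provider_id):
    # Vulnerable pattern: the value is spliced into the SQL text, so the
    # database parses whatever the caller supplied as part of the query.
    sql = "SELECT * FROM providers WHERE providerID=%s" % provider_id
    return conn.execute(sql).fetchall()


def lookup_safe(conn, provider_id):
    # Hardened pattern, mirroring the guide's %(id)s example. The driver
    # binds the value separately from the SQL text; it is never parsed as SQL.
    sql = "SELECT * FROM providers WHERE providerID=:id"
    return conn.execute(sql, {"id": provider_id}).fetchall()


if __name__ == "__main__":
    conn = make_db()
    hostile = "1 OR 1=1"  # constructed input that is not a valid provider ID
    print(lookup_unsafe(conn, hostile))  # all three rows: the condition was rewritten
    print(lookup_safe(conn, hostile))    # []: the text "1 OR 1=1" matches no ID
```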

User Authentication

Author: njun
Updated: 2020/06/04