Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Been there before! Spent months refactoring code with that horrible security. SQL injection at its finest.
-
I'm doing that but it's inside an AWS lambda function. The variables are within the function; nothing from the outside is used. I assume I don't have to worry there.
-
gears4747yPython3 correct way
Sqlite_query = ("update table set col1 = ?, col2 = ?", ('data1', 'data2')) -
Root826027y@edwrodrig They're tools. If you use any tool in an insecure way, the result is a security hole.
-
SHA-25614477y@edwrodrig That has nothing to do with python...it is the fault of the programmer if it is insecure....if I set my SSH password to "123456" and someone gets in you don't blame it on SSH would you ? same with sql injection....if you use it wrong it can be insecure
-
Fradow9167yI was wondering where the screenshot is from, here it is: http://initd.org/psycopg/docs/...
-
It was sarcasm. Some people argues in typical Python vs Php comparison that Python is more secure PHP because SQL injections, which is a stupid argument.
-
Im just wondering, does any system, do this anymore?
Like most people I see go with a sql-injection safe ORM or somethign right?? Its hard for me to believe any valuable app to do this nowadays.
Yeah, maybe like back then when writing raw sql in php was the only way to go, but today? Idk -
@jackgreen There are a lot of idiots out there, I've seen SQL injections in laravel codebases using DB:raw with concatenated shit, The idiot who wrote it excused it with it being "Faster" (while it is true that the query builder adds some overhead and doesn't always generate great SQL you can still bind your parameters)
-
@AnonymousCoder Can you provide me the link of this doc ? I want to surprise my friend who is using postgres and python in his app ..
-
@AnonymousCoder oh my bad. Didn't read all the comments​. Tnx btw for the quick response and the laugh :)
Man, that's a pretty serious SQL warning..
undefined