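Normal case (plain DB-API cursor):
# The values are passed separately from the SQL text; the driver binds them to the %s placeholders.
params = (id, name)
sql = "select id, name from user where id=%s and name=%s"
cursor.execute(sql, params)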
With Flask and SQLAlchemy:
from sqlalchemy import text
# :id is a named bind parameter; its value is supplied in the dict, not in the SQL string.
sql = 'select * from user where id = :id'
session.execute(text(sql), {'id':1})
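The difference between splicing a value into the SQL text and binding it as a parameter, shown as an added example that is not part of the original post. It assumes the standard-library sqlite3 driver as a stand-in, whose positional placeholder is `?` rather than `%s`; the table contents, the function names and the sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user (id integer primary key, name text)")
    conn.executemany("insert into user (id, name) values (?, ?)",
                     [(1, "alice"), (2, "bob")])
    return conn

def find_by_name_unsafe(conn, name):
    # Anti-pattern: the value is spliced into the SQL text, so a quote in
    # `name` changes the structure of the statement.
    sql = "select id, name from user where name = '%s'" % name
    return conn.execute(sql).fetchall()

def find_by_name_bound(conn, name):
    # Positional placeholder: the driver passes `name` as a value, never as SQL.
    sql = "select id, name from user where name = ?"
    return conn.execute(sql, (name,)).fetchall()

def find_by_id_named(conn, user_id):
    # Named placeholder, the same :id style as the text() query above.
    sql = "select id, name from user where id = :id"
    return conn.execute(sql, {"id": user_id}).fetchall()

# Constructed input containing a quote and an always-true comparison.
HOSTILE = "nobody' or '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("spliced:", find_by_name_unsafe(conn, HOSTILE))  # every row comes back
    print("bound:  ", find_by_name_bound(conn, HOSTILE))   # no row has that name
    print("bound:  ", find_by_name_bound(conn, "alice"))
    print("named:  ", find_by_id_named(conn, 1))
```

With the bound versions the quote in the input is compared as part of the name, so the query shape stays fixed regardless of what the caller supplies.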
Preventing SQL injection in Python