SQL injection prevention at input argv

Lean143sin · May 10, 2022, 4:04pm

About SQL injection,
Am getting error at checkmarx like may attacker provide malicious data via input argv that flows through code without sanitization.

input argv like below

If __name==__main:
try:
Variable=sys.argv[2]
except:
Error
Anyone please help me with this am stuck with sql injection error.

ndc86430 · May 10, 2022, 4:52pm

I don’t know what checkmarx is but are you using parameters for your SQL statements? That is the standard way to avoid injection. See, for example https://bobby-tables.com/.

rob42 · May 10, 2022, 5:17pm

It’s been sometime since I did this kind of thing and I did implement some PHP code to prevent SQL injection: I’m sure it involved escaping the input.

I’ve never tried the technique in Python, but I see no reason my that technique would not work.

Topic		Replies	Views
Is python affected by CVE-2024-24576? Python Help	4	663	April 16, 2024
Python Security Issues with os.environ.get Python Help	1	1603	June 25, 2022
I am trying to run a SQL statement with a user input in where clause Python Help	2	3376	December 30, 2022
UnboundLocalError: cannot access local variable 'insert_query' where it is not associated with a value Python Help help	9	1138	March 18, 2024
InputError: Show an error message without a traceback Ideas	12	15958	April 19, 2019

SQL injection prevention at input argv

Related Topics