About SQL injection,
Am getting error at checkmarx like may attacker provide malicious data via input argv that flows through code without sanitization.
input argv like below
If __name==__main:
try:
Variable=sys.argv[2]
except:
Error
Anyone please help me with this am stuck with sql injection error.
I don’t know what checkmarx is but are you using parameters for your SQL statements? That is the standard way to avoid injection. See, for example https://bobby-tables.com/.
It’s been sometime since I did this kind of thing and I did implement some PHP code to prevent SQL injection: I’m sure it involved escaping the input.
I’ve never tried the technique in Python, but I see no reason my that technique would not work.