Security

SQL Injection in Python: Example and Fix

SQL injection happens when user input is directly embedded into SQL queries. Python apps using string concatenation with database queries are especially vulnerable.

❌ Vulnerable Code

query = "SELECT * FROM users WHERE name = '" + name + "'"
cursor.execute(query)

✅ Secure Fix

cursor.execute(
    "SELECT * FROM users WHERE name = ?",
    (name,)
)

💡

Pro tip: Use parameterized queries always. The database driver safely escapes all user input, making injection impossible.

Paste this code into LearnCodeGuide

Detect Python vulnerabilities and bugs automatically with AI-powered analysis.

Analyze Python Code →

SQL Injection in Python: Example and Fix

❌ Vulnerable Code

✅ Secure Fix

Related Guides