Python module to escape SQL special characters and quotes in strings
install:
pip install sqlescapy
Assuming dangerous_input is a variable coming from a user input, a bad actor can exploit it to start injecting your database.
from sqlescapy import sqlescape
dangerous_input = "JhonWick'"
protected_raw_statement = "\"foo_table\".username='%s'" % sqlescape(dangerous_input)
protected_query = """
SELECT "foo_table".*, "bar_table".*
FROM "foo_table", "bar_table"
WHERE "foo_table".id = "bar_table".id
AND %s
""" % protected_raw_statement
FAQs
Python module to escape SQL special characters and quotes in strings
We found that sqlescapy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.
Security News
Michigan TypeScript founder Dimitri Mitropoulos implements WebAssembly runtime in TypeScript types, enabling Doom to run after processing 177 terabytes of type definitions.