File tree Expand file tree Collapse file tree 1 file changed +10
-8
lines changed Expand file tree Collapse file tree 1 file changed +10
-8
lines changed Original file line number Diff line number Diff line change @@ -186,11 +186,12 @@ <h1 class="font-serif font-bold text-cloudbank text-3xl">
186186 </ p >
187187 < pre > < code class ="language-python "> from some_db_library import execute
188188
189- def get_query(name: str) -> str:
190- return f"SELECT * FROM students WHERE name = '{name}'"
189+ def get_student(name: str):
190+ return execute(
191+ f"SELECT * FROM students WHERE name = '{name}'"
192+ )
191193
192- query = get_query("Robert'); DROP TABLE students;--")
193- execute(query) # ☠️ ☠️ ☠️
194+ get_student("Robert'); DROP TABLE students;--") # ☠️ ☠️ ☠️
194195</ code > </ pre >
195196 < p >
196197 That < code > execute()</ code > method takes a < code > str</ code > as input.
@@ -203,11 +204,12 @@ <h1 class="font-serif font-bold text-cloudbank text-3xl">
203204 < pre > < code class ="language-python "> from string.templatelib import Template
204205from some_db_library import execute_t
205206
206- def get_query(name: str) -> Template:
207- return t"SELECT * FROM students WHERE name = '{name}'"
207+ def get_student(name: str):
208+ return execute_t(
209+ t"SELECT * FROM students WHERE name = '{name}'"
210+ )
208211
209- query = get_query("Robert'); DROP TABLE students;--")
210- execute_t(query) # 🎉 🦄 👍
212+ get_student("Robert'); DROP TABLE students;--") # 🎉 🦄 👍
211213</ code > </ pre >
212214 < p >
213215 That's all it takes: if your SQL library supports t-strings, it can
You can’t perform that action at this time.
0 commit comments