Created
March 12, 2017 12:18
-
-
Save Swalloow/9b0b074fa0939ee9a339a9da39d066ea to your computer and use it in GitHub Desktop.
SQL Injection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @app.route("/user/<user_id>") | |
| def show_user(user_id): | |
| cur = db.cursor() | |
| query = "SELECT * FROM user_table where user = %s"%user_id | |
| c.execute(query) | |
| return c.fetchall() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment