SQLAlchemy + SQL Injection


Problem description

What are the best practices for mitigating SQL injection attacks when using SQLAlchemy?

Recommended answer

If you have any "special" characters (such as semicolons or apostrophes) in your data, they will be automatically quoted for you by the SQLEngine object, so you don't have to worry about quoting. This also means that unless you deliberately bypass SQLAlchemy's quoting mechanisms, SQL-injection attacks are basically impossible.

[According to http://www.rmunn.com/sqlalchemy-tutorial/tutorial.html]
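
The difference between relying on the quoting mechanism and bypassing it, shown as an added example that is not part of the original answer or the cited tutorial. It assumes a current SQLAlchemy release with the `text()` construct and an in-memory SQLite database; the `users` table, its rows and the function names are constructed for illustration.

```python
from sqlalchemy import create_engine, text


def make_conn():
    """Open an in-memory SQLite database holding constructed sample rows."""
    conn = create_engine("sqlite:///:memory:").connect()
    conn.execute(text("CREATE TABLE users (name TEXT, secret TEXT)"))
    conn.execute(
        text("INSERT INTO users (name, secret) VALUES (:name, :secret)"),
        [
            {"name": "alice", "secret": "s1"},
            {"name": "bob", "secret": "s2"},
            {"name": "o'brien", "secret": "s3"},
        ],
    )
    return conn


def find_unsafe(conn, name):
    """Bypasses the quoting mechanism: input is pasted into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '%s' ORDER BY name" % name
    return [row[0] for row in conn.execute(text(sql))]


def find_bound(conn, name):
    """Uses a bound parameter: the driver receives the value as data only."""
    stmt = text("SELECT name FROM users WHERE name = :name ORDER BY name")
    return [row[0] for row in conn.execute(stmt, {"name": name})]


if __name__ == "__main__":
    conn = make_conn()
    hostile = "x' OR '1'='1"  # constructed input containing an apostrophe
    print("unsafe:", find_unsafe(conn, hostile))   # every row comes back
    print("bound: ", find_bound(conn, hostile))    # no row has that name
    print("bound: ", find_bound(conn, "o'brien"))  # apostrophe handled as data
```

In code review, any SQL string assembled with `%`, `+`, `.format()` or an f-string before it reaches `text()` or `execute()` is the pattern to flag.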
