Notice
Recent Posts
Recent Comments
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 |
Tags
- idb2pat
- malware
- h5py.File
- error fix
- javascript
- commandline
- Ransomware
- Rat
- svn update
- idapro
- mock.patch
- TensorFlow
- Python
- ecma
- ida
- error
- debugging
- hex-rays
- data distribution
- x64
- Analysis
- idapython
- NumPy Unicode Error
- why error
- Injection
- 포인터 매핑
- pytest
- open office xml
- MySQL
- ida pro
Archives
- Today
- Total
목록2015/12/04 (1)
13 Security Lab
python inserting single quotes (') around MySQL table name
Do not use SQL parameters for table names. SQL parameters are escaped by the database adapter to not be interpreted as anything but literal values. You'll have to interpolate those yourself instead, but be absolutely certain that your table name does not hold untrusted data (prevent SQL injection attacks): 1 2 cur.execute("GRANT SELECT ON `project1`.`%s` TO `odbc`@`localhost`;" % row) cur.execut..
Computer Science/Programming
2015. 12. 4. 18:00