본문 바로가기

13 Security Lab

검색하기
13 Security Lab
프로필사진 Maj0r Tom

  • 분류 전체보기 (137)
    • Articles (12)
    • Computer Science (79)
      • Study (2)
      • Projects (9)
      • Programming (28)
      • Windows Externals (31)
      • linux - wiki (2)
      • Tools (7)
    • Computer Security (43)
      • Security Articles (17)
      • Projects (0)
      • Analysis (22)
Guestbook
Notice
Recent Posts
Recent Comments
Link
  • FORENSIC-PROOF
  • MalwareTech
  • gentilkiwi
  • Ero Carrera's blog
  • Root Me
«   2025/09   »
일 월 화 수 목 금 토
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
Tags
  • h5py.File
  • debugging
  • idapro
  • javascript
  • Injection
  • Analysis
  • NumPy Unicode Error
  • open office xml
  • svn update
  • mock.patch
  • error fix
  • commandline
  • idapython
  • malware
  • hex-rays
  • Rat
  • idb2pat
  • Ransomware
  • why error
  • x64
  • ida pro
  • Python
  • data distribution
  • MySQL
  • ecma
  • 포인터 매핑
  • error
  • ida
  • pytest
  • TensorFlow
more
Archives
Today
Total
관리 메뉴
  • 글쓰기
  • 방명록
  • RSS
  • 관리

목록bracket (1)

13 Security Lab

python inserting single quotes (') around MySQL table name

Do not use SQL parameters for table names. SQL parameters are escaped by the database adapter to not be interpreted as anything but literal values. You'll have to interpolate those yourself instead, but be absolutely certain that your table name does not hold untrusted data (prevent SQL injection attacks): 1 2 cur.execute("GRANT SELECT ON `project1`.`%s` TO `odbc`@`localhost`;" % row) cur.execut..

Computer Science/Programming 2015. 12. 4. 18:00
Prev 1 Next

Blog is powered by kakao / Designed by Tistory

티스토리툴바