Understanding sqlite3 sanitization in python - IT Security Stack Exchange

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

坚韧的竹笋 · gold-miner/TODO/python ...· 1 周前 ·

深情的针织衫 · Automatically apply a ...· 4 月前 ·

高兴的烈酒 · 【网络辟谣】康师傅方便面含有日本禁用农药多菌 ...· 5 月前 ·

才高八斗的松球 · 脱水泥饼堆填体的压缩及渗透特性试验研究· 7 月前 ·

逼格高的核桃 · Win10 ...· 9 月前 ·

还单身的红茶 · PostgreSQL -- 数组类型操作 ...· 1 年前 ·

I insert all data with such syntax

c.execute("INSERT INTO table (e1, e2) VALUES(?, ?)", (V1, V2))
as recommended here. My question is
How does python-sqlite3 sanitize these requests? What happens in case the entry type is BLOB? Since BLOB has to be written as it is, what constraints will sanitization put on it?
        This is making a prepared statement. It won't sanitize the inputs. At a low level, it's probably using the sqlite c api, and it would look something like:
stmnt = sqlite3_prepare("INSERT INTO table (e1, e2) VALUES(?, ?)")
sqlite3_bind_int(stmnt,0,V1)
sqlite3_bind_blob(stmnt,1,V1)
while((row = sqlite3_step(stmnt) != SQLITE_DONE){
    //do something with the rows
This is just pseudo-code but you get the idea. You can see the values being bound don't need to be sanitized because they aren't concatenated with the string. The sqlite c api is described here.

推荐文章

坚韧的竹笋 · gold-miner/TODO/python-pandas-databases.md at master · xitu/gold-miner · GitHub

1 周前

深情的针织衫 · Automatically apply a sensitivity label in Microsoft 365 | Microsoft Learn

4 月前

高兴的烈酒 · 【网络辟谣】康师傅方便面含有日本禁用农药多菌灵？老谣言，莫信！_澎湃号·政务_澎湃新闻-The Paper

5 月前

才高八斗的松球 · 脱水泥饼堆填体的压缩及渗透特性试验研究

7 月前

逼格高的核桃 · Win10 Copilot怎么用？Win10使用Windows Copilot步骤

9 月前

还单身的红茶 · PostgreSQL -- 数组类型操作 - MySQL数据库 - 亿速云

1 年前