I have the following python code: row = conn.execute(”’SELECT admin FROM account WHERE password

Question

0

Asked: May 20, 20262026-05-20T18:51:40+00:00 2026-05-20T18:51:40+00:00

I have the following python code: row = conn.execute(”’SELECT admin FROM account WHERE password

0

I have the following python code:

row = conn.execute('''SELECT admin FROM account WHERE password = ?''',
(request.headers.get('X-Admin-Pass'),)).fetchone()

My question is whether this code is secure for SQL injection? Since I use parameterized query it should be. However, since I am passing user information straight from the header, I am a little worried 🙂

Any thoughts about the issue?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-20T18:51:41+00:00

Editorial Team

2026-05-20T18:51:41+00:00Added an answer on May 20, 2026 at 6:51 pm

The way that you are inserting the data into the database will ensure that an SQL attack will not work, the execute method will automatically escape the parameters that you passed as a tuple as its second parameter to the query.

You are doing that correctly.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have the following python code: row = conn.execute(”’SELECT admin FROM account WHERE password

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply