防止 SQL 注入

  1. import mysql.connector
  2.  
  3. mydb = mysql.connector.connect(
  4. host="localhost",
  5. user="myusername",
  6. passwd="mypassword",
  7. database="mydatabase"
  8. )
  9.  
  10. mycursor = mydb.cursor()
  11.  
  12. sql = "SELECT * FROM customers WHERE address = %s"
  13. adr = ("Yellow Garden 2", )
  14.  
  15. mycursor.execute(sql, adr)
  16.  
  17. myresult = mycursor.fetchall()
  18.  
  19. for x in myresult:
  20. print(x)