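4.9. Database SQL Injection
4.9.1. Prepare query
A query open to SQL injection: the username and password values (read from the user in the next step) are interpolated straight into the SQL text, so quotes in the input change the structure of the statement: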
SQL_QUERY = f"""
SELECT id, username, email
FROM users
WHERE username='{username}' AND password='{password}'
"""
4.9.2. Get user input
username = input('Username: ')
# ' OR 1=1; DROP TABLE users --
password = input('Password: ')
# 123
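
The same query in its interpolated form and in a parameterized form, run against an in-memory SQLite database. This is an added example, not code from the original page; the table layout, the sample user and the function names are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """In-memory database holding one constructed sample user."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users ("
        "id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT)"
    )
    # Plaintext password only to mirror the page's WHERE clause.
    db.execute(
        "INSERT INTO users (username, email, password) VALUES (?, ?, ?)",
        ("alice", "alice@example.com", "s3cret"),
    )
    return db


def login_vulnerable(db, username, password):
    # Same pattern as the page: input becomes part of the SQL text.
    query = f"""
        SELECT id, username, email
        FROM users
        WHERE username='{username}' AND password='{password}'
    """
    return db.execute(query).fetchone()


def login_safe(db, username, password):
    # Placeholders: the driver binds the values, they are never parsed as SQL.
    query = """
        SELECT id, username, email
        FROM users
        WHERE username=? AND password=?
    """
    return db.execute(query, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR 1=1 --"                 # first part of the input shown above
    full_input = "' OR 1=1; DROP TABLE users --"  # the input shown above
    print("vulnerable:", login_vulnerable(db, tautology, "123"))  # row returned
    print("safe:      ", login_safe(db, full_input, "123"))       # no match
    print("safe, valid credentials:", login_safe(db, "alice", "s3cret"))
```

With placeholders the whole input string is compared against the username column as a literal value, so the WHERE clause keeps its original shape and the table is untouched.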