'Safe column and table names substitution pymssql
I use pymssql lib in python code for sql queries.
I have sql query like "select * from %s". I want replace %s by table name. How can I make sure that query not have sql injections? For parameters substitution I can use execute or pymssql._mssql.substitute_params methods. Can I somehow check that the parameter contain only one indefier?
This article recomend use Identifier method from psycopg2 for posgresql. pymssql have something like that?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|