SQL Injection em python

Python

SQLite

19/05/2021

Estou com medo de meu código esteja vulnerável a sql injection.

self._sqlhandle.connect(DB_USERS)
connected = self._sqlhandle.chk_conn()
logged_in = False

if connected:

    user = str(self._user_input.get())
    password = str(self._pass_input.get())

    self._sqlhandle.execute(f"""SELECT usuario FROM {self._sqlhandle.table_name[0]}""")

    for user_data in self._sqlhandle.cursor.fetchall():
	    if user == user_data[0]:
		    user_exist = True
		    break
	    else:
		    user_exist = False


Alguma opnião?
Jefferson

Jefferson

Curtidas 0
POSTAR