Protection from SQL injection

I have this code, which is working correctly, but I am sure that it allows SQL injection attacks.



    from flask import Flask, request, jsonify, render_template

    app = Flask(__name__)   # not shown in the question; assumed for the route decorator

    @app.route('/private/')
    def private():
        login = request.args.get('login', default=None, type=str)

        if login is None:
            return jsonify(data='Incorrect URL')

        try:
            c, conn = cursor_connection()   # the poster's own connection helper, not shown
            c = conn.cursor()
            # Vulnerable: the login value is pasted straight into the SQL text
            c.execute("SELECT uid "
                      "FROM logins_passwords "
                      "WHERE login='{}' "
                      "".format(login)
                      )

            id = c.fetchall()
            if not id:
                return jsonify(data='Incorrect login')

            # Same pattern, with the uid read back from the first query
            c.execute("SELECT mc_address "
                      "FROM boxes_id "
                      "WHERE uid='{}' "
                      "".format(id[0][0])
                      )
            mc_address = c.fetchall()[0][0]

            c.close()
            conn.close()
        except Exception as e:
            return str(e)

        return render_template(
            "private.html",
            id=mc_address
        )


Access is by URL request. How can I protect it against SQL injection? If I'm right, I think that changing the access method to POST would solve all the security problems here?



As far as I understand, if only POST requests are allowed, the attacker will have no ability to inject an SQL request through a URL. How could it be possible to execute SQL requests then?
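Added example, not code from the question or its comments: the two lookups from the view above written as parameterized queries against an in-memory sqlite3 database, next to the question's string-formatting pattern so the difference can be observed directly. The table and column names come from the question; the rows, the "o'brien" login and the MAC-address values are constructed for the example. sqlite3 uses `?` as its placeholder; MySQL drivers such as mysqlclient and PyMySQL use `%s`, and the rest of the shape is the same.

```python
import sqlite3


def make_db():
    """Constructed in-memory schema mirroring the two tables named in the question.

    Column names are taken from the question's queries; the rows are made up.
    """
    conn = sqlite3.connect(":memory:")
    c = conn.cursor()
    c.execute("CREATE TABLE logins_passwords (uid INTEGER PRIMARY KEY, login TEXT NOT NULL)")
    c.execute("CREATE TABLE boxes_id (uid INTEGER NOT NULL, mc_address TEXT NOT NULL)")
    c.executemany("INSERT INTO logins_passwords VALUES (?, ?)",
                  [(1, "alice"), (2, "o'brien")])
    c.executemany("INSERT INTO boxes_id VALUES (?, ?)",
                  [(1, "00:11:22:33:44:55"), (2, "66:77:88:99:aa:bb")])
    conn.commit()
    return conn


def uids_formatted(conn, login):
    """The question's pattern: the login value is pasted into the SQL text.

    Returns the list of matching uids, or None when the database rejects the
    statement, which happens as soon as the login contains a single quote.
    """
    c = conn.cursor()
    try:
        c.execute("SELECT uid FROM logins_passwords WHERE login='{}'".format(login))
    except sqlite3.OperationalError:
        return None
    return [row[0] for row in c.fetchall()]


def uids_parameterized(conn, login):
    """Hardened form: the SQL text is fixed and the value is bound as a parameter.

    The driver hands the value to the engine separately from the statement, so
    it is only ever compared as data and never parsed as SQL syntax.
    """
    c = conn.cursor()
    c.execute("SELECT uid FROM logins_passwords WHERE login=?", (login,))
    return [row[0] for row in c.fetchall()]


def mc_address_for_login(conn, login):
    """Both lookups from the question's view, parameterized.

    Returns the mc_address for the login, or None when the login is unknown
    or has no box assigned.
    """
    c = conn.cursor()
    c.execute("SELECT uid FROM logins_passwords WHERE login=?", (login,))
    row = c.fetchone()
    if row is None:
        return None
    c.execute("SELECT mc_address FROM boxes_id WHERE uid=?", (row[0],))
    row = c.fetchone()
    return row[0] if row is not None else None


if __name__ == "__main__":
    db = make_db()
    probe = "not a valid user' OR '1' = '1"   # the value quoted in the comments
    print(uids_formatted(db, "alice"), uids_parameterized(db, "alice"))      # [1] [1]
    print(uids_formatted(db, probe), uids_parameterized(db, probe))          # [1, 2] []
    print(uids_formatted(db, "o'brien"), uids_parameterized(db, "o'brien"))  # None [2]
    print(mc_address_for_login(db, "o'brien"))                               # 66:77:88:99:aa:bb
```

Nothing here depends on the HTTP method: a value read from `request.form` reaches the query exactly as one read from `request.args` does, which is why switching to POST changes nothing. The "o'brien" row also shows the non-security failure raised in the comments: the formatted query cannot even look up a legitimate user whose name contains a quote, while the parameterized one returns the expected row.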

  • Switching to POST will not protect against SQL attacks (and a whole range of other attacks).
    – Daniel
    Jan 13 at 13:40

  • Why not? The attacker will have no ability to inject an SQL request through the URL; how could it be possible to execute SQL requests?
    – Ivan
    Jan 13 at 13:53

  • I don't think the code is working correctly. It is trivial to create a POST request to your server and set the "login" parameter to the value: " not a valid user' OR '1' = '1 ". You MUST either do input sanitation or use a parameterized query.
    – JanErikGunnar
    Jan 13 at 17:03

  • Reading the query again, I realize that you were already aware of the vulnerability; I got confused because in my mind "working correctly" and "allows SQL injection attacks" are mutually exclusive :) Though even disregarding security, it will fail if the user happens to have a username containing a single quote and some other characters. As mentioned, you MUST either do input sanitation or use a parameterized query.
    – JanErikGunnar
    Jan 13 at 17:10

  • No problem :) Can you provide a simple example based on my code, so I can see how a secure SQL request should look?
    – Ivan
    Jan 13 at 17:22
asked Jan 13 at 11:32 by Ivan
edited Jan 14 at 23:32 by Jamal♦