Medium · Predict Output · Q5 of 15
Django - Security Best Practices

Given this code snippet:

    user_input = "1; DROP TABLE users;"
    User.objects.filter(id=user_input)

What happens when this runs?

A. The users table is dropped from the database
B. A syntax error is raised
C. The ORM safely treats input as a parameter, no table is dropped
D. The query returns all users
Step-by-Step Solution

  1. Step 1: Understand parameter handling in filter()

     The value passed to filter() is sent to the database driver as a bound query parameter; it is never interpolated into the SQL text, so it is not executed as SQL.

  2. Step 2: Assess the injection risk

     SQL injection does not occur: the input, including the semicolon and the DROP statement, is treated as a single string value to compare against the id column.

  3. Final Answer:

     The ORM safely treats input as a parameter, no table is dropped -> Option C

  4. Quick Check:

     Parameter safety = No injection [OK]

Quick Trick: Dangerous input is safe with ORM filters [OK]
Common Mistakes:
  • Believing the input runs as SQL commands
  • Expecting an error because the input contains semicolons