Flask - Security Best Practices
Which of the following is the correct way to use parameterized queries with Flask's database cursor?
Which of the following is the correct way to use parameterized queries with Flask's database cursor?
easy📝 Syntax Q12 of 15
Step-by-Step Solution
Solution:
Step 1: Identify correct placeholder syntax
In Flask with many DB adapters like psycopg2, %s is used as placeholder for parameters.Step 2: Check parameter passing format
Parameters must be passed as a tuple, e.g., (user_id,). cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,)) uses %s and tuple correctly.Final Answer:
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,)) -> Option CQuick Check:
Use %s with tuple for parameters [OK]
Quick Trick: Use %s and tuple for parameters in execute() [OK]
Common Mistakes:
MISTAKES- Using f-strings directly with user input
- Using ? placeholder which is for SQLite, not psycopg2
- Passing parameters incorrectly without tuple
Master "Security Best Practices" in Flask
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Flask Quizzes