Difficulty: medium · Predict Output · Q5 of 15
Flask - Security Best Practices
What will happen if you use string concatenation to build a SQL query in Flask like this?

```python
query = "SELECT * FROM users WHERE username = '" + username + "'"
cursor.execute(query)
```
A. The query runs safely without risk
B. It may cause SQL injection if username is malicious
C. The database will reject the query syntax
D. Flask automatically sanitizes the input
Step-by-Step Solution
  1. Step 1: Analyze the string concatenation risk

    Concatenating user input directly into the query text lets that input be parsed as SQL code.
  2. Step 2: Understand Flask's behaviour

    Flask does not sanitize input automatically, so the risk remains.
  3. Final Answer:

    It may cause SQL injection if username is malicious -> Option B
  4. Quick Check:

    Direct concatenation = injection risk [OK]
Quick Trick: Never build SQL queries by concatenating user input [OK]
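The following is an added example, not part of the original quiz page, showing the concatenated query from the question beside the parameterized form the quick trick calls for. It uses Python's standard sqlite3 module with a constructed in-memory `users` table (the names `make_db`, `lookup_concatenated` and `lookup_parameterized` are this example's own), so it runs offline and lets you see the difference in row counts for the same input.

```python
import sqlite3

# Constructed in-memory table standing in for the application's users table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    conn.commit()
    return conn

def lookup_concatenated(conn, username):
    """The pattern from the question: the input becomes part of the SQL text,
    so the database parses whatever the user typed as SQL."""
    query = "SELECT * FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, username):
    """The fix: a placeholder in the SQL and the value passed separately.
    The driver binds the value as data, so it is never parsed as SQL."""
    return conn.execute(
        "SELECT * FROM users WHERE username = ?", (username,)
    ).fetchall()

if __name__ == "__main__":
    conn = make_db()
    benign = "alice"
    # Constructed demo input: closes the quote and appends an always-true clause.
    hostile = "' OR '1'='1"
    for name in (benign, hostile):
        print(repr(name),
              "concatenated ->", len(lookup_concatenated(conn, name)), "rows,",
              "parameterized ->", len(lookup_parameterized(conn, name)), "rows")
```

For the benign name both functions return one row. For the hostile string the concatenated version returns every row in the table, because the input rewrote the WHERE clause, while the parameterized version returns nothing, because it looked for a user literally named `' OR '1'='1`. Flask plays no part in either outcome; the difference comes entirely from how the query is built.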
Common Mistakes:
  • Assuming Flask sanitizes input automatically
  • Ignoring injection risks