Flask - Security Best Practices
You want to safely search users by partial username in Flask using SQL LIKE. Which code correctly prevents SQL injection?
You want to safely search users by partial username in Flask using SQL LIKE. Which code correctly prevents SQL injection?
hard📝 component behavior Q8 of 15
Step-by-Step Solution
Solution:
Step 1: Understand parameterized LIKE queries
Use % wildcards in parameter value, not in query string.Step 2: Check options for injection risk
Only cursor.execute("SELECT * FROM users WHERE username LIKE %s", ('%' + search + '%',)) passes parameter safely; others concatenate or misuse placeholders.Final Answer:
cursor.execute("SELECT * FROM users WHERE username LIKE %s", ('%' + search + '%',)) -> Option AQuick Check:
Wildcards in parameter, not query = B [OK]
Quick Trick: Add % wildcards inside parameter string, not query [OK]
Common Mistakes:
MISTAKES- Putting % in query string
- Using f-strings with user input
Master "Security Best Practices" in Flask
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore Flask Quizzes