Complete the code to safely query a user by ID using parameterized queries.
cursor.execute("SELECT * FROM users WHERE id = [1]", (user_id,))
Using %s as a placeholder in parameterized queries prevents SQL injection by separating code from data.
Complete the code to test if the input is vulnerable to SQL injection by adding a common attack string.
test_input = "admin' OR 1=1 --" + [1]
The common injection string ends with -- to comment out the rest of the query, so no extra characters are needed after it.
Fix the error in the code that tries to detect SQL injection by checking for dangerous keywords.
if any(keyword in user_input.lower() for keyword in [1]): print("Potential SQL injection detected")
The code expects a list of keywords to check individually. A list of strings is correct.
Fill both blanks to create a safe SQL query using parameterized inputs and prevent injection.
query = "SELECT * FROM users WHERE username = [1]"
cursor.execute(query, ([2],))
The query uses %s as a placeholder, and the actual user input variable is passed as a tuple to execute.
Fill all three blanks to create a dictionary comprehension that filters out inputs containing SQL injection risk keywords.
safe_inputs = {input_str: len(input_str) for input_str in inputs if not any([1] in input_str.lower() for [2] in [3])}
The comprehension checks if any keyword from the list is in the input string (case-insensitive). It uses a variable keyword to iterate over the list of keywords.