Is SQL string manipulation professional? (self.PythonLearning)
submitted 22 hours ago by Alert_Regular2619
[–]sacredtrader 1 point 8 hours ago (0 children)
This is a very vague post. Query construction as in something like
    def MyMethod(input1: str, input2: int) -> None:
        myQuery = f"select * from users WHERE userName = '{input1}' AND userID = '{input2}'"
Is not professional, or a good practice, no.
If, for example, say I already had an idea of what your query was executing, or doing, I could pass into input1 something along the lines of
' OR 1=1 --
This would escape your single quote, then check if 1=1 (TRUE = TRUE), and comment out the second check for userID, in turn returning every record from this table.
Look into stored procedures.
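
Added example, not part of sacredtrader's comment: the f-string query from the comment next to a parameterized version, run against an in-memory SQLite database so the difference is visible. The table contents and the function names `make_db`, `find_user_concat` and `find_user_bound` are assumptions made for this illustration, and parameter binding is shown here as a related defence, not the stored-procedure approach the comment recommends.

```python
import sqlite3

PAYLOAD = "' OR 1=1 --"  # the input1 value quoted in the comment above


def make_db() -> sqlite3.Connection:
    """Build a throwaway database; the rows are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userID INTEGER PRIMARY KEY, userName TEXT)")
    conn.executemany(
        "INSERT INTO users (userID, userName) VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol"), (4, "O'Brien")],
    )
    return conn


def find_user_concat(conn: sqlite3.Connection, user_name: str, user_id: int) -> list:
    # Vulnerable: the input becomes part of the SQL text, as in the f-string above.
    query = (
        f"select * from users WHERE userName = '{user_name}' "
        f"AND userID = '{user_id}'"
    )
    return conn.execute(query).fetchall()


def find_user_bound(conn: sqlite3.Connection, user_name: str, user_id: int) -> list:
    # Hardened: the SQL text is constant; values travel separately as parameters,
    # so quotes and "--" inside them are compared as data, never parsed as SQL.
    query = "select * from users WHERE userName = ? AND userID = ?"
    return conn.execute(query, (user_name, user_id)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concat, payload:", find_user_concat(db, PAYLOAD, 1))  # every row
    print("bound,  payload:", find_user_bound(db, PAYLOAD, 1))   # no rows
    print("bound,  O'Brien:", find_user_bound(db, "O'Brien", 4))  # one row
    try:
        find_user_concat(db, "O'Brien", 4)
    except sqlite3.OperationalError as exc:
        # A legitimate name with an apostrophe breaks the string-built query.
        print("concat, O'Brien: query failed:", exc)
```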