I am trying to update all of our InfluxDB Python queries, so that they are not vulnerable to SQL injections. To do this, I have read that you can use params with the query_api() and specifically with the query_data_frame() (https://medium.com/sekoia-io-blog/avoiding-injections-with-influxdb-bind-parameters-50f67e379abb). The issue I am running into is that I cannot figure out how to get my params to be
Tag: sql-injection
Confusion between prepared statement and parameterized query in Python
As far as I understand, prepared statements are (mainly) a database feature that allows you to separate parameters from the code that uses such parameters. Example: A parameterized query substitutes the manual string interpolation, so instead of doing we can do Now, it seems that prepared statements are, for the most part, used in the database language and parameterized queries