
Tag: sql-injection

Using params in flux queries with Python influxdb_client

I am trying to update all of our influxdb python queries, so that they are not vulnerable to SQL injections. To do this, I have read that you can use params with the query_api() and specifically with the query_data_frame() (https://medium.com/sekoia-io-blog/avoiding-injections-with-influxdb-bind-parameters-50f67e379abb). The issue I am running into is that I cannot figure out how to get my params to be

Confusion between prepared statement and parameterized query in Python

As far as I understand, prepared statements are (mainly) a database feature that allows you to separate parameters from the code that uses such parameters. Example: A parameterized query substitutes the manual string interpolation, so instead of doing we can do Now, it seems that prepared statements are, for the most part, used in the database language and parameterized queries
