Tag: sql-injection

Using params in flux queries with Python influxdb_client

flux-influxdb influxdb influxdb-python python sql-injection

I am trying to update all of our influxdb python queries, so that they are not vulnerable to sql injections. To do this, I have read that you can use params with the query_api() and specifically with the query_data_frame() (https://medium.com/sekoia-io-blog/avoiding-injections-with-influxdb-bind-parameters-50f67e379abb) The issue I am running into is that I can not figure out how to get my params to be

Confusion between prepared statement and parameterized query in Python

database parameterized-query prepared-statement python sql-injection

As far as I understand, prepared statements are (mainly) a database feature that allows you to separate parameters from the code that uses such parameters. Example: A parameterized query substitutes the manual string interpolation, so instead of doing we can do Now, it seems that prepared statements are, for the most part, used in the database language and parameterized queries