What can be added to prevent SQL injection?
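# Query to check the password and fetch the user's permissions.
# The %s markers are mysql.connector placeholders, not Python string
# formatting: the driver binds and escapes the values itself, so user input
# cannot change the structure of the statement.
# The original "?" markers with .format(name, pwd) substituted nothing (the
# string has no {} fields), and "?" is not this driver's default placeholder.
query = "select permissions from users where name=%s and pwd=%s"
# NOTE(review): matching pwd inside SQL suggests passwords are stored as-is.
# Prefer storing a salted password hash and verifying it in application code.
# set up ssh tunnel
# NOTE(review): the tunnel and database credentials are literals here; load
# them from configuration or a secret store rather than source code.
with SSHTunnelForwarder(
        ('xxxx', 22),
        ssh_password='xxxx',
        ssh_username='p11179711',
        remote_bind_address=('localhost', 3306)) as server:
    # connect to the database through the ssh tunnel and run the query
    cnx = mysql.connector.connect(user='xxxx', password='xxxx',
                                  host='xxxx', port=server.local_bind_port,
                                  database='xxxx')
    try:
        cursor = cnx.cursor()
        try:
            # Values travel separately from the SQL text as a parameter tuple.
            cursor.execute(query, (name, pwd))
            permissions = cursor.fetchall()
        finally:
            cursor.close()
    finally:
        # Release the connection before the tunnel is torn down.
        cnx.close()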
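# Query to check the password and fetch the user's permissions.
# Use the driver's %s placeholders and pass the values to execute() so they
# are bound as data; never build the statement with .format(), f-strings or
# concatenation. The original .format(name, pwd) call had no {} fields to
# fill, so the "?" markers reached the server unbound.
query = "select permissions from users where name=%s and pwd=%s"
# NOTE(review): comparing pwd in the WHERE clause suggests passwords are
# stored as-is. Prefer a salted password hash verified in application code.
# set up ssh tunnel
with SSHTunnelForwarder(
        ('xxxx', 22),
        ssh_password='xxxx',
        ssh_username='p11179711',
        remote_bind_address=('localhost', 3306)) as server:
    # connect to the database through the ssh tunnel and run the query
    cnx = mysql.connector.connect(user='xxxx', password='xxxx',
                                  host='xxxx', port=server.local_bind_port,
                                  database='xxxx')
    try:
        cursor = cnx.cursor()
        try:
            # Parameters are supplied as a tuple, in placeholder order.
            cursor.execute(query, (name, pwd))
            permissions = cursor.fetchall()
        finally:
            cursor.close()
    finally:
        # Close the connection while the tunnel is still open.
        cnx.close()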