Date: Wed, 25 Jun 2014 23:58:26 +0200
Subject: protect psycopg script from sql injection?
From: celati Laurent
To: python-list@python.org
Newsgroups: comp.lang.python

Hello,

I coded the following Python script via psycopg: web_service_test.py

1/ When I execute it, the result is 'bad request'. Could you tell me why?
2/ Could you tell me how to protect this script from SQL injections please?

Thank you.

Attachment: web_service_test.py