Files
2025-05-20 11:57:43 -04:00

17 lines
411 B
Python

#!/usr/bin/env python
#
good_input = 'Google'
malicious_input = "'; drop table customers; -- " # <1>
naive_format = "select * from customers where company_name = '{}' and company_id != 0"
good_query = naive_format.format(good_input) # <2>
malicious_query = naive_format.format(malicious_input) # <2>
print("Good query:")
print(good_query) # <3>
print()
print("Bad query:")
print(malicious_query) # <4>