SQL injection in a Django application

I am writing a Django application and I know that it handles escaping strings and everything to prevent SQL injections in the request ( https://docs.djangoproject.com/en/dev/topics/security/ ).

Out of curiosity, I was wondering if there are any other ways to perform SQL injections in Django applications? What is an example?

+4
1 answer

Take a look at the Django documentation; it may be helpful.

Using Django queries, the resulting SQL will be properly escaped by the underlying database driver. However, Django also allows developers to write raw queries or execute custom SQL. These features should be used sparingly, and you should always be careful to correctly remove any parameters that the user can control. In addition, you should exercise caution when using extra().

+3
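The following is an added example, not part of the question or answer above and not Django's own code. It shows the one place the answer says injection still happens in a Django project: raw SQL built with string formatting, next to the same query using parameter binding. To run without Django it uses Python's built-in sqlite3 module and a constructed `blog_post` table; the placeholder style differs (sqlite3 uses `?`, while Django's `Model.objects.raw(sql, params)` and `connection.cursor().execute(sql, params)` use `%s`), but the escaping behaviour of the driver is the same.

```python
import sqlite3

# Constructed in-memory table standing in for a Django model's table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE blog_post (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO blog_post (title, published) VALUES (?, ?)",
        [("Public post", 1), ("Secret draft", 0)],
    )
    conn.commit()
    return conn


def unsafe_published_posts(conn, title):
    # The mistake the answer warns about: user-controlled text is interpolated
    # into the SQL string, so the driver never sees it as a parameter.
    # In Django this is the shape of Model.objects.raw("... '%s'" % title).
    sql = (
        "SELECT title FROM blog_post WHERE published = 1 AND title = '%s' ORDER BY id"
        % title
    )
    return [row[0] for row in conn.execute(sql)]


def safe_published_posts(conn, title):
    # Parameter binding: the value travels separately from the SQL text, so
    # quotes and operators inside it are just characters of the title.
    # In Django this is Model.objects.raw(sql, [title]) or cursor.execute(sql, [title]).
    sql = "SELECT title FROM blog_post WHERE published = 1 AND title = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (title,))]


# Constructed input: a title containing a quote and an always-true condition.
CONSTRUCTED_INPUT = "x' OR '1'='1"


def demo():
    # Returns what each variant yields for the same input. The unsafe query
    # leaks the unpublished draft; the safe one matches nothing, since no
    # post has that literal title.
    conn = make_db()
    return {
        "unsafe": unsafe_published_posts(conn, CONSTRUCTED_INPUT),
        "safe": safe_published_posts(conn, CONSTRUCTED_INPUT),
    }


if __name__ == "__main__":
    print(demo())
```

The detail worth checking in a code review is the `%` (or f-string) applied to the SQL string itself: that is the pattern to grep for around `raw()`, `cursor.execute()` and `extra()`, since the ORM's own filter methods never build SQL that way.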

Source: https://habr.com/ru/post/1394417/
