Mohamed’s Kindle Notes & Highlights

Django Design Patterns and Best Practices: Industry-standard web development techniques and solutions using Python, 2nd Edition, by Arun Ravindran

name = request.GET['user'] sql = "SELECT email FROM users WHERE username = '{}';".format(name) At first glance, it might appear that only the email address corresponds to the username mentioned as the GET parameter will be returned. However, imagine if an attacker entered ' OR '1'='1' in the form field, then the SQL code would be as follows: SELECT email FROM users WHERE username = '' OR '1'='1';

Basic example of SQL injection

See Mohamed’s 34 notes & 216 highlights

Django Design Patterns and Best Practices: Industry-standard web development techniques and solutions using Python, 2nd Edition

by Arun Ravindran

Rate this book

Clear rating

1 of 5 stars 2 of 5 stars 3 of 5 stars 4 of 5 stars 5 of 5 stars

Mohamed’s Kindle Notes & Highlights Django Design Patterns and Best Practices: Industry-standard web development techniques and solutions using Python, 2nd Edition, by Arun Ravindran

Mohamed’s Kindle Notes & Highlights

Django Design Patterns and Best Practices: Industry-standard web development techniques and solutions using Python, 2nd Edition, by Arun Ravindran