If I get POST data with Flask, put that data in a WTForms form and it validates successfully, is it safe from SQL injection?

I use Flask, WTForms and the OurSQL MySQL library for my application. I get the POST data from the request.form variable. I put this in a WTForms form object. I call validate() on this form and then insert the form data into the MySQL database using OurSQL.

Without any additional processing, am I safe from SQL injection? Does the WTForms validate method do any escaping? If not, what should I do to escape the data? An example of what I am doing is as follows:

form = MyWTFFormsForm(request.form)
if form.validate():
    cursor.execute("INSERT INTO mytable VALUES (?, ?, ?, ?, ?);",
            (form.field1.data, form.field2.data, form.field3.data,
             form.field4.data,
             form.field5.data))
+5
2 answers

, WTForms, Flask SQL, , , .

+5

SQL - . , , . SQL- - . SQL- - , SQL. , cursor.execute ? , SQL, SQL-.

+2
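
An added example (not code from the question or the answers) of the distinction the question turns on: passing validation does not make string-built SQL safe, while the `?` placeholders used in the question's cursor.execute call keep the data out of the SQL text. It assumes Python's built-in sqlite3 in place of OurSQL/MySQL, a two-column version of mytable, and a hypothetical validate() helper standing in for the WTForms check; the sample input is constructed.

```python
import sqlite3

def validate(form):
    # Hypothetical stand-in for form.validate(): required + max-length checks.
    # Checks like these constrain the value, they do not escape it for SQL.
    return all(isinstance(v, str) and 0 < len(v) <= 64 for v in form.values())

def insert_concatenated(conn, form):
    # Weak form: values are pasted into the SQL text, so quotes in the data
    # are parsed as SQL syntax.
    sql = "INSERT INTO mytable VALUES ('%s', '%s');" % (form["field1"], form["field2"])
    conn.execute(sql)

def insert_bound(conn, form):
    # Same shape as the question's call: ? placeholders plus a tuple of values.
    # The driver sends the values separately from the statement.
    conn.execute("INSERT INTO mytable VALUES (?, ?);", (form["field1"], form["field2"]))

def run(insert, form):
    """Validate, insert with the given strategy, return the stored rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE mytable (field1 TEXT, field2 TEXT)")
    if not validate(form):
        raise ValueError("form rejected")
    insert(conn, form)
    return conn.execute("SELECT field1, field2 FROM mytable").fetchall()

# Constructed input: passes validate(), but contains SQL metacharacters.
SAMPLE = {"field1": "a', 'overridden') --", "field2": "intended"}
# Constructed input: an ordinary value with an apostrophe.
NAME = {"field1": "O'Brien", "field2": "x"}

if __name__ == "__main__":
    print("concatenated:", run(insert_concatenated, SAMPLE))
    print("bound:       ", run(insert_bound, SAMPLE))
    print("bound name:  ", run(insert_bound, NAME))
```

With concatenation the validated value rewrites the statement and field2 is replaced; with bound parameters both values are stored exactly as submitted.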