How to Prevent SQL Injection When Using Delete Statements in Python MySQL


In this example, we will learn how to prevent SQL injection when using delete statements in Python MySQL.

Source Code

import mysql.connector

mydb = mysql.connector.connect(
    host="localhost",
    port=3306,
    user="yourusername",
    password="yourpassword",
    db="mydatabase"
)

mycursor = mydb.cursor()

sql = "DELETE FROM us_state WHERE Capital = %s"
capital = ('Denver', )

mycursor.execute(sql, capital)

mydb.commit()

print(mycursor.rowcount, "record was deleted.")

# close the connection
mydb.close()

Output:

1 record was deleted.
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments