sql-injection-using-raw

raw(). This could lead to SQL injection and attackers gaining access to protected information. Instead, use Django’s QuerySets, which are built with query parameterization and are therefore not vulnerable to SQL injection. For example, you could use Entry.objects.filter(date=2006).

sql-injection-using-rawsql

params and not using quote placeholders in the SQL string.

sql-injection-using-extra-where

params and not using quote placeholders in the SQL string.

sql-injection-db-cursor-execute

Entry.objects.filter(date=2006).
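The rules above all come down to the same two points: bind user input through the driver's params argument instead of formatting it into the SQL string, and never put quotes around a placeholder. The following is an added example, not part of the page or of Django's own code. It uses Python's standard sqlite3 module rather than Django so it runs stand-alone; Django's raw(), RawSQL, extra(where=...) and cursor.execute(sql, params) all hand params to the database driver in the same way, the only difference being that Django always uses %s as the placeholder while sqlite3 uses ?. The table name blog_entry and its columns are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the Entry model's table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE blog_entry (id INTEGER PRIMARY KEY, title TEXT, date INTEGER)"
    )
    conn.executemany(
        "INSERT INTO blog_entry (title, date) VALUES (?, ?)",
        [("first", 2006), ("second", 2007), ("third", 2006)],
    )
    return conn


def entries_by_date_unsafe(conn, date):
    """The pattern the rules flag: the value is spliced into the SQL text.

    Any quote character in `date` changes the structure of the statement
    instead of being treated as data.
    """
    sql = "SELECT title FROM blog_entry WHERE date = '%s'" % date
    return [row[0] for row in conn.execute(sql)]


def entries_by_date_safe(conn, date):
    """Parameterized form: the driver binds the value, so it can never alter
    the statement. This is what Django's params argument does, and what the
    QuerySet API (Entry.objects.filter(date=2006)) does for you."""
    sql = "SELECT title FROM blog_entry WHERE date = ?"
    return [row[0] for row in conn.execute(sql, [date])]


def entries_quoted_placeholder(conn, date):
    """Why the rules say not to quote placeholders: '?' is a string literal,
    so the statement has zero bindable parameters and the driver rejects the
    supplied value instead of binding it. The same thing happens with '%s'
    in Django."""
    sql = "SELECT title FROM blog_entry WHERE date = '?'"
    try:
        return [row[0] for row in conn.execute(sql, [date])]
    except sqlite3.ProgrammingError as exc:
        return "error: %s" % exc


if __name__ == "__main__":
    db = make_db()
    malformed = "2006' OR '1'='1"  # constructed input containing a quote
    print(entries_by_date_unsafe(db, "2006"))      # ['first', 'third']
    print(entries_by_date_unsafe(db, malformed))   # every row: the quote rewrote the WHERE clause
    print(entries_by_date_safe(db, 2006))          # ['first', 'third']
    print(entries_by_date_safe(db, malformed))     # []: the whole string is compared as a value
    print(entries_quoted_placeholder(db, 2006))    # error: Incorrect number of bindings ...
```

The safe variant returns nothing for the quote-containing input because the entire string is bound as one value and compared against the date column; the unsafe variant returns every row because the same input became part of the statement. Detection-wise, this is why the rules look for user-controlled values reaching the SQL string of raw(), RawSQL, extra(where=...) or cursor.execute() rather than their params argument.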