B610.md

File metadata and controls

13 lines (7 loc) · 670 Bytes

Pattern: Potential SQL injection on extra()

Issue: -

Description

SQL injection is a type of attack where a malicious user is able to execute arbitrary SQL code on a database. This can result in records being deleted or data leakage.

Django gives developers the power to write raw queries or execute custom SQL. These capabilities should be used sparingly, and you should always take care to properly escape or parameterize any value the user can control. In particular, exercise caution when using extra() and RawSQL: the SQL fragments passed to them are forwarded to the database verbatim, so user input interpolated into them is executed as SQL.
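The following added example (not code from the B610 plugin page, Bandit, or Django) contrasts the pattern this check flags with the parameterized form. It assumes Django's `extra(where=[...], params=[...])` keyword shape, where fragments use `%s` placeholders and values in `params` are bound by the database driver; a stdlib `sqlite3` in-memory table stands in for the Django backend, and `run_where` is a hypothetical helper that joins the fragments and binds the parameters the way the ORM would. The sample rows are constructed.

```python
import sqlite3

# Constructed sample data, not from the original page.
SAMPLE_ROWS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    """Build an in-memory table that stands in for the Django model's table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def extra_kwargs_unsafe(name):
    """The pattern B610 reports: user input interpolated into a `where` fragment.
    extra() does not escape this string; it is sent to the database as written."""
    return {"where": [f"name = '{name}'"]}


def extra_kwargs_safe(name):
    """Placeholder in the fragment, value supplied through `params`, so the
    driver binds it as data and it can never change the query's structure."""
    return {"where": ["name = %s"], "params": [name]}


def run_where(conn, where, params=()):
    """Hypothetical stand-in for the ORM backend: join the `where` fragments
    and bind `params`. sqlite3 uses '?' where Django's API uses '%s'."""
    sql = "SELECT name FROM users WHERE " + " AND ".join(where) + " ORDER BY name"
    if params:
        sql = sql.replace("%s", "?")
    return [row[0] for row in conn.execute(sql, tuple(params))]


def lookup(name, builder):
    """Run a lookup using either kwargs builder and return the matched names."""
    kwargs = builder(name)
    conn = make_db()
    try:
        return run_where(conn, kwargs["where"], kwargs.get("params", ()))
    finally:
        conn.close()


if __name__ == "__main__":
    benign = "alice"
    hostile = "x' OR '1'='1"
    # Both forms behave identically on well-formed input...
    print("unsafe/benign :", lookup(benign, extra_kwargs_unsafe))
    print("safe/benign   :", lookup(benign, extra_kwargs_safe))
    # ...but only the parameterized form treats the hostile string as data.
    print("unsafe/hostile:", lookup(hostile, extra_kwargs_unsafe))
    print("safe/hostile  :", lookup(hostile, extra_kwargs_safe))
```

On benign input both builders return the same row; on the hostile string the interpolated fragment becomes `name = 'x' OR '1'='1'` and matches every row, while the bound parameter is compared as the literal name and matches nothing. The same separation applies to `RawSQL(sql, params)`: keep user-controlled values in `params`, never in the SQL string.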

Further Reading