Book Image

Learn Web Development with Python

By : Fabrizio Romano, Gaston C. Hillar, Arun Ravindran
Book Image

Learn Web Development with Python

By: Fabrizio Romano, Gaston C. Hillar, Arun Ravindran

Overview of this book

If you want to develop complete Python web apps with Django, this Learning Path is for you. It will walk you through Python programming techniques and guide you in implementing them when creating 4 professional Django projects, teaching you how to solve common problems and develop RESTful web services with Django and Python. You will learn how to build a blog application, a social image bookmarking website, an online shop, and an e-learning platform. Learn Web Development with Python will get you started with Python programming techniques, show you how to enhance your applications with AJAX, create RESTful APIs, and set up a production environment for your Django projects. Last but not least, you’ll learn the best practices for creating real-world applications. By the end of this Learning Path, you will have a full understanding of how Django works and how to use it to build web applications from scratch. This Learning Path includes content from the following Packt products: • Learn Python Programming by Fabrizio Romano • Django RESTful Web Services by Gastón C. Hillar • Django Design Patterns and Best Practices by Arun Ravindran
Table of Contents (33 chapters)
Title Page
About Packt
Contributors
Preface
Index

SQL injection


SQL injection is the second most common vulnerability of web applications, after XSS. The attack involves entering malicious SQL code into a query that gets executed on the database. It could result in data theft, by dumping database content, or the destruction of data, say, by using the DROP TABLE command.

If you are familiar with SQL, then you can understand the following piece of code; it looks up an email address based on the given username:

name = request.GET['user'] 

sql = "SELECT email FROM users WHERE username = '{}';".format(name) 

 

 

 

 

At first glance, it might appear that only the email address corresponds to the username mentioned as the GET parameter will be returned. However, imagine if an attacker entered ' OR '1'='1' in the form field, then the SQL code would be as follows:

SELECT email FROM users WHERE username = '' OR '1'='1'; 

Since this WHERE clause will always be true, the emails of all the users of your application will be returned. This can be a serious leak...