Exemplo n.º 1
 def test_escape_malicious(self):
     """Bind a string value that carries a stacked statement and check the rendered SQL.

     The value bound to ``:baz`` must appear in the output as one single-quoted
     literal, so the ``; drop table foo`` part stays data instead of becoming a
     second statement.
     """
     payload = '1; drop table foo'
     bound = _bind_parameters("select * from foo where bar > :baz", {"baz": payload})
     # The expected text wraps the whole value in single quotes.
     # NOTE(review): this payload contains no quote character, so the assertion
     # only shows that string values are emitted as quoted literals. A value with
     # an embedded single quote would be needed to exercise the escaping itself;
     # how _bind_parameters encodes such a quote is not visible here.
     assert str(bound) == "select * from foo where bar > '1; drop table foo'"
Exemplo n.º 2
 def test_escape_basic(self):
     """Check that an integer bound to ``:baz`` is substituted without quotes."""
     bound = _bind_parameters("select * from foo where bar > :baz", {"baz": 10})
     rendered = str(bound)
     # Numeric values are expected to appear bare, unlike string values.
     assert rendered == 'select * from foo where bar > 10'