Open vvandintel opened 3 years ago
Hi Vince,
We have not yet gone over this. I would really like to learn about it. I read pretty quickly through the article you posted. I was able to get the main gist, but much of it is over my head. I would love to learn more about this.
Thank you!
Hey!
Not sure if you've covered this at all in your learning (totally fine if not), but line 14 in main.py is vulnerable to a classic security issue called a SQL injection attack:
query = cursor.execute("SELECT * FROM Dictionary WHERE Expression = '%s' " % word)
For an explanation and information on how to avoid this security issue, see: https://realpython.com/prevent-python-sql-injection/
Happy to chat through it as well to go over the concept.
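As an added illustration of the point raised in this comment (example code, not part of the thread or of the repository's main.py): the string-formatted lookup from line 14 placed next to a parameterised version, using Python's built-in sqlite3 module so it runs offline. The table name `Dictionary` and column `Expression` follow the quoted line; the `Meaning` column, the sample rows, and the function names are constructed for this demo. An ordinary dictionary word with an apostrophe is enough to show the difference: the formatted query stops even parsing, while the bound parameter is only ever compared as data.

```python
"""Added example (not the repository's code): the vulnerable lookup next to a
parameterised one, using Python's built-in sqlite3 module so it runs offline.
Table name `Dictionary` and column `Expression` follow the quoted line from
main.py; the `Meaning` column and the sample rows are constructed for this demo."""
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Create an in-memory Dictionary table with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Dictionary (Expression TEXT, Meaning TEXT)")
    conn.executemany(
        "INSERT INTO Dictionary VALUES (?, ?)",
        [("apple", "a fruit"), ("it's", "contraction of 'it is'")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, word):
    """The pattern from main.py line 14: the word is pasted into the SQL text.
    Any quote character in `word` becomes part of the SQL statement itself,
    so a word like it's breaks the query (and crafted input could change what
    the statement does, which is the injection risk the comment describes)."""
    cursor = conn.cursor()
    query = cursor.execute("SELECT * FROM Dictionary WHERE Expression = '%s' " % word)
    return query.fetchall()


def lookup_safe(conn, word):
    """Parameterised form: the driver sends `word` as a bound value, never as
    SQL text, so it is only ever compared against the Expression column."""
    cursor = conn.cursor()
    query = cursor.execute("SELECT * FROM Dictionary WHERE Expression = ?", (word,))
    return query.fetchall()


def unsafe_raises_for(conn, word) -> bool:
    """True if the string-formatted query fails to parse for this word."""
    try:
        lookup_unsafe(conn, word)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = build_demo_db()
    print(lookup_safe(db, "apple"))       # [('apple', 'a fruit')]
    print(lookup_safe(db, "it's"))        # parameter binding handles the quote
    print(unsafe_raises_for(db, "it's"))  # True: the formatted SQL is malformed
```

The fix is the one the linked article recommends: keep the SQL text constant and pass user input through the driver's placeholder mechanism (`?` for sqlite3; other drivers use `%s` or named parameters, but always as a separate argument, never through Python string formatting).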