The training in sources/curriculum/software/python_sql.md doesn't say anything about potential SQL injection issues, and is training folks to write potentially unsafe code. There should at least be a mention of SQL injection attacks, or the training should be rewritten to use bound parameters.
The training in
sources/curriculum/software/python_sql.mddoesn't say anything about potential SQL injection issues, and is training folks to write potentially unsafe code. There should at least be a mention of SQL injection attacks, or the training should be rewritten to use bound parameters.