Hello, I searched the internet for the characters to remove, but the search did not answer my question. So I tried to learn about anti-SQL-injection in Python, but I did not find any way to do this by directly removing the characters when forming the string. I only found static-type solutions, where you already have the command running; for me this type does not work, because I have dynamic ways to get the results depending on the result and such.
I need the variable to be formed as follows:
    senha=d[6:]
    con=consultarSql()
    if senha!="":
        sql="SELECT id FROM motorista WHERE senha="+"'"+antisql(senha)+"'"
        myresult=con.consultar(sql)
For the time being, the only character I am removing is a tab, because it was disrupting
It would look like this:
    def antisql(string):
        string=string.replace(" ","")
        string=string.replace("'","")
        string=string.replace("\"","")
        string=string.replace("\\","")
        # ... replace the other characters here
        return string
What I need is a complete list of characters that might cause me trouble. -> Just so you understand my software: the Python part is a websocket, and it gives a JSON result, so I removed that larger space character <- it's not the normal space, it's not a larger space character, it breaks the JSON.
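
An added example, not part of the original post: dynamic query building where values are bound as parameters rather than filtered character by character, so no list of characters is needed. It assumes a DB-API driver (sqlite3 and its `?` placeholder are used here so it runs offline; other drivers use `%s`), and the table contents, the `nome` column and the helper names are constructed for illustration.

```python
import sqlite3

# Columns the caller may filter on (allowlist). Identifiers cannot be bound
# as parameters, so they are checked against this fixed set instead.
ALLOWED_COLUMNS = {"id", "nome", "senha"}

def make_db():
    """Constructed in-memory table standing in for the post's `motorista`."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE motorista (id INTEGER PRIMARY KEY, nome TEXT, senha TEXT)")
    con.executemany(
        "INSERT INTO motorista (id, nome, senha) VALUES (?, ?, ?)",
        [(1, "ana", "s3nha"), (2, "rui", "o'brien\"\\x")],  # constructed rows
    )
    return con

def build_query(filters):
    """Build the SELECT text and parameter list from a dict of column -> value.

    Only allowlisted column names enter the SQL text; every value is passed
    separately and bound by the driver, so it is never parsed as SQL.
    """
    clauses, params = [], []
    for column, value in filters.items():
        if column not in ALLOWED_COLUMNS:
            raise ValueError(f"column not allowed: {column!r}")
        clauses.append(f"{column} = ?")
        params.append(value)
    sql = "SELECT id FROM motorista"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql, params

def consultar(con, filters):
    """Run the dynamically built query and return the matching ids."""
    sql, params = build_query(filters)
    return [row[0] for row in con.execute(sql + " ORDER BY id", params)]

if __name__ == "__main__":
    con = make_db()
    print(build_query({"senha": "s3nha"}))
    # Quotes and backslash are kept as data, so this password still matches.
    print(consultar(con, {"senha": "o'brien\"\\x"}))
    # Input containing quotes is compared as a literal string: no rows.
    print(consultar(con, {"senha": "x' OR '1'='1"}))
```

Stripping characters as `antisql` does would also alter a legitimate value such as the second row's password, which is why the bound version leaves the input untouched.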