import sqlite3
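# Demonstrates that a parameterized query neutralises a SQL injection
# payload: the payload is bound as data and never parsed as SQL.

# Open the database. The connection and cursor are released in the
# ``finally`` clauses below, so they are closed even if the query raises
# (for example when the ``users`` table does not exist).
connection = sqlite3.connect("example.db")
try:
    cursor = connection.cursor()
    try:
        # Sample untrusted value shaped like an injection attempt. If it were
        # concatenated into the SQL text, the quote and comment marker would
        # rewrite the WHERE clause.
        user_input = "John' OR '1'='1' --"

        # Parameterized query: the SQL text is a constant and each ``?`` is
        # bound by the driver, so ``user_input`` is compared as one literal
        # string and cannot alter the statement's structure.
        # NOTE: placeholders bind values only. Table and column names cannot
        # be parameterized; if they ever vary, select them from a fixed
        # allow-list instead of formatting them into the string.
        # NOTE(review): this query compares the password column directly,
        # which implies plaintext storage. A real login should look the user
        # up by username and verify a salted password hash in application
        # code.
        query = "SELECT * FROM users WHERE username = ? AND password = ?"
        cursor.execute(query, (user_input, "password"))

        # Fetch every matching row. With the payload bound as data, a row
        # matches only if a username is literally equal to the payload.
        results = cursor.fetchall()

        # Print each returned row.
        for row in results:
            print(row)
    finally:
        cursor.close()
finally:
    connection.close()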