How to Check for SQL Injection (SQLI) Attacks using Python

Cloudmersive
2 min read · Jul 20, 2022


If you’re looking to secure your website’s database, you should check client-supplied input for malicious SQL statements. Such statements, better known as SQL injection (SQLI) attacks, can gain access to your database and even make changes to it by usurping administrative permissions. Thankfully, there’s an API for that. Our SQLI Detection API identifies such attacks in text input and returns a simple Boolean indicating whether a SQLI attack is present. You can use this API for free with a free-tier API key (obtainable by registering a free account on our website). Below, we’ll walk through how to structure your API call using ready-to-run Python code snippets.

Let’s start by installing the SDK:

pip install cloudmersive-security-api-client

Next, let’s add the imports & the API key authorization snippet:

from __future__ import print_function
import time
import cloudmersive_security_api_client
from cloudmersive_security_api_client.rest import ApiException
from pprint import pprint
# Configure API key authorization: Apikey
configuration = cloudmersive_security_api_client.Configuration()
configuration.api_key['Apikey'] = 'YOUR_API_KEY'

Lastly, let’s call the function and get our SQLI detection results:

# create an instance of the API class
api_instance = cloudmersive_security_api_client.ContentThreatDetectionApi(cloudmersive_security_api_client.ApiClient(configuration))
value = 'value_example' # str | User-facing text input.
try:
    # Check text input for SQL Injection (SQLI) attacks
    api_response = api_instance.content_threat_detection_check_sql_injection_string(value)
    pprint(api_response)
except ApiException as e:
    print("Exception when calling ContentThreatDetectionApi->content_threat_detection_check_sql_injection_string: %s\n" % e)

That’s all the code you’ll need. Below, you can review a sample API response JSON:

{
  "Successful": true,
  "ContainedSqlInjectionAttack": true,
  "OriginalInput": "string"
}
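
One way to act on that response, as an added example that is not part of the original post or the Cloudmersive SDK: treat the input as allowed only when both Boolean fields say so, fail closed on errors, and still bind the value as a query parameter. The `check` callable, the `users` table and the canned responses are constructed for illustration, and reading `"Successful": false` as "check did not complete" is an assumption.

```python
import json
import sqlite3

def verdict_allows(raw_response):
    """True only if the check completed and reported no attack; anything else fails closed."""
    try:
        body = json.loads(raw_response)
    except (TypeError, ValueError):
        return False  # missing or unparseable response
    if not isinstance(body, dict):
        return False
    # Require real booleans so absent or mistyped fields never count as "clean".
    return body.get("Successful") is True and body.get("ContainedSqlInjectionAttack") is False

def find_user(conn, name, check):
    """check is a hypothetical callable: text -> raw JSON response from the detection API."""
    try:
        raw = check(name)
    except Exception:
        raw = None  # API error or timeout: input was not verified
    if not verdict_allows(raw):
        raise ValueError("input rejected: SQLI check flagged it or did not complete")
    # The value is still bound as a parameter, never concatenated into the SQL text.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

def unreachable(_text):
    raise ConnectionError("constructed failure: detection service unavailable")

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES ('alice')")
    # Constructed responses in the shape of the sample JSON above.
    canned = {
        "clean": '{"Successful": true, "ContainedSqlInjectionAttack": false, "OriginalInput": "alice"}',
        "flagged": '{"Successful": true, "ContainedSqlInjectionAttack": true, "OriginalInput": "alice"}',
        "failed": '{"Successful": false, "ContainedSqlInjectionAttack": false}',
        "garbled": "<html>502 Bad Gateway</html>",
    }
    checks = {label: (lambda _t, r=raw: r) for label, raw in canned.items()}
    checks["outage"] = unreachable
    outcomes = {}
    for label, check in checks.items():
        try:
            outcomes[label] = find_user(conn, "alice", check)
        except ValueError:
            outcomes[label] = "rejected"
    return outcomes

if __name__ == "__main__":
    print(demo())
```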
