Are the following statements in Python sufficiently protected against SQL injection?
read_sql = """ SELECT LinkedAccountId,ProductName,ItemDescription,ResourceId,UnBlendedCost,UnBlendedRate,Name,Owner,Engagement FROM billing_info where LinkedAccountId= """ + aws_account_number + """;"""
insert_sql = """ INSERT INTO billing_info_test (InvoiceId, PayerAccountId, LinkedAccountId, RecordType, RecordId, ProductName, RateId, SubscriptionId, PricingPlanId, UsageType, Operation, AvailabilityZone, ReservedInstance, ItemDescription, UsageStartDate, UsageEndDate, UsageQuantity, BlendedRate, BlendedCost, UnBlendedRate, UnBlendedCost, ResourceId) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) ;"""
The AWS account is determined by a variable named "aws_account". The user enters "aws_account" through the input function. The "aws_account" variable is then passed to another function that holds a dictionary mapping "aws_account" names to "aws_account_numbers".
I am using the executemany statement cursor.executemany(insert_sql, rows) to insert the rows.
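Added example, not part of the question above: it rebuilds the two patterns from the post against an in-memory SQLite table so the difference can be run and observed. The table, the account dictionary and the sample rows are constructed here; the column set is a subset of the one in the question, and SQLite's placeholder is "?" where the driver in the question uses "%s" (the binding mechanism is the same). read_concat mirrors the concatenated read_sql, read_param is the parameterised form, and insert_rows mirrors the executemany insert.

```python
import sqlite3

# Constructed sample data; not the asker's real billing rows.
ROWS = [
    ("111111111111", "AmazonEC2", "BoxUsage", "i-aaa", 10.0, 0.1, "prod", "alice", "eng-1"),
    ("222222222222", "AmazonS3", "TimedStorage", "bucket-b", 2.5, 0.02, "staging", "bob", "eng-2"),
]

# Constructed stand-in for the name -> account number dictionary in the question.
ACCOUNTS = {"prod": "111111111111", "staging": "222222222222"}


def account_number_for(aws_account):
    # Unknown names raise KeyError; only the dictionary's own values ever
    # reach the SQL layer, never the text the user typed.
    return ACCOUNTS[aws_account]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE billing_info (
               LinkedAccountId TEXT, ProductName TEXT, ItemDescription TEXT,
               ResourceId TEXT, UnBlendedCost REAL, UnBlendedRate REAL,
               Name TEXT, Owner TEXT, Engagement TEXT)"""
    )
    insert_rows(conn, ROWS)
    return conn


def insert_rows(conn, rows):
    # Same shape as cursor.executemany(insert_sql, rows) in the question:
    # one tuple per row, every value bound by the driver, so a value such as
    # "x'); DROP TABLE billing_info; --" is stored as a plain string.
    cur = conn.executemany(
        "INSERT INTO billing_info VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)", rows
    )
    conn.commit()
    return cur.rowcount  # total rows inserted across the batch


def read_concat(conn, aws_account_number):
    # Mirrors the question's read_sql: the value is spliced into the SQL text,
    # so whatever it contains is parsed as SQL.
    read_sql = (
        "SELECT LinkedAccountId, ProductName FROM billing_info "
        "WHERE LinkedAccountId = " + aws_account_number + ";"
    )
    return conn.execute(read_sql).fetchall()


def read_param(conn, aws_account_number):
    # Parameterised form: the value is bound, never parsed as SQL.
    read_sql = (
        "SELECT LinkedAccountId, ProductName FROM billing_info "
        "WHERE LinkedAccountId = ?;"
    )
    return conn.execute(read_sql, (aws_account_number,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(read_concat(db, account_number_for("prod")))  # one row, as intended
    print(read_concat(db, "0 OR 1=1"))                  # every row: the text became SQL
    print(read_param(db, "0 OR 1=1"))                   # no rows: the text stayed a value
```

With the dictionary lookup in place, the concatenated read_sql only ever sees values the programmer put in the dictionary, so the user-typed name cannot reach the query; the query is still only as safe as that dictionary's contents, whereas the parameterised version does not depend on where the value came from. The executemany insert binds every value, so nothing in rows can change the statement.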