in src/python/detectors/sql_injection/sql_injection.py [0:0]
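def execute_query_compliant(request, *, db_path="example.db"):
    """Look up rows in ``Users`` whose ``name`` equals the ``name`` query parameter.

    The user-supplied value is passed to SQLite as a bound parameter (``?``),
    so it is never spliced into the SQL text. This replaces the previous
    approach of stripping non-letters with ``re.sub`` and concatenating the
    result: that built ``... WHERE name = Bob;`` with no quotes (SQLite then
    reads ``Bob`` as a column name and fails), silently altered names that
    legitimately contain spaces, digits or hyphens, and relied on an
    allow-list regex rather than the driver's own escaping.

    Args:
        request: Object exposing a mapping at ``request.GET`` (``.get``-style
            lookup); only the ``"name"`` key is read.
        db_path: SQLite database file to open. Defaults to ``"example.db"`` to
            keep the original call signature working.

    Returns:
        list of tuples: the matching rows as returned by ``cursor.fetchall()``.
        If ``name`` is absent, ``None`` is bound and ``name = NULL`` matches no
        row, so an empty list is returned instead of raising.

    Raises:
        sqlite3.Error: propagated from the driver (e.g. missing ``Users`` table).
    """
    import sqlite3

    name = request.GET.get("name")
    # Compliant: the value is bound by the driver, never concatenated into SQL.
    query = "SELECT * FROM Users WHERE name = ?;"
    connection = sqlite3.connect(db_path)
    try:
        cursor = connection.execute(query, (name,))
        return cursor.fetchall()
    finally:
        # sqlite3's context manager only commits/rolls back; close explicitly.
        connection.close()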