I would like someone to help me with an excerpt of this SQL and Python code

-1

I'm trying to capture a flag on the Hacker101 CTF site and I came across a code snippet.

IN THAT SPECIFIC PART:

 if cur.execute('SELECT password FROM admins WHERE username=\'%s\'' % request.form['username'].replace('%', '%%')) == 0:

I would like to know the meaning of these symbols ( '%s '' %) in the language, after the word username. I intend to study this part to understand the code completely, but I do not know which keyword to use to search for these ( '%s' %) symbols.

// EXCERPT OF THE FULL ERROR MESSAGE

Traceback (most recent call last):
  File "./main.py", line 145, in do_login
    if cur.execute('SELECT password FROM admins WHERE username=\'%s\'' % request.form['username'].replace('%', '%%')) == 0:
  File "/usr/local/lib/python2.7/site-packages/MySQLdb/cursors.py", line 255, in execute
    self.errorhandler(self, exc, value)
  File "/usr/local/lib/python2.7/site-packages/MySQLdb/connections.py", line 50, in defaulterrorhandler
    raise errorvalue
ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''''' at line 1")

1 answer

1

This %s comes from Python string formatting, which is used to format strings. See the example below.

name = "Mundo"
# %s is replaced by the value to the right of the % operator
print("Olá %s!" % name)

The output of the command below is:

Olá Mundo!

The %s is used when you are going to substitute a string; there is also %d for when it is a number.
You can see more about string format here.

  • I understood perfectly! Thank you Murilo.

  • @Raiurisantos if the answer was useful consider it as correct to help other people with the same doubt.
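
How the `'%s' %` formatting in the question's line leads to the 1064 syntax error in the traceback, next to a parameterized query, as an added example that is not part of the original question or answer. It assumes Python 3 and the standard-library `sqlite3` module in place of MySQLdb (so the placeholder is `?` where MySQLdb uses `%s`); the rows and the helper function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory table named like the one in the question; rows are constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO admins VALUES (?, ?)",
        [("alice", "constructed-hash-1"), ("O'Brien", "constructed-hash-2")],
    )
    return conn


def build_formatted_sql(username):
    """Same construction as the question: the value is pasted into the SQL text."""
    return "SELECT password FROM admins WHERE username='%s'" % username.replace('%', '%%')


def lookup_formatted(conn, username):
    """Run the formatted string; the database parses the user's text as SQL."""
    try:
        return conn.execute(build_formatted_sql(username)).fetchall()
    except sqlite3.OperationalError as exc:
        # A quote inside the value ends the SQL string literal early.
        return ("error", str(exc))


def lookup_parameterized(conn, username):
    """Pass the value separately; the driver never treats it as SQL text.
    With MySQLdb the same idea is cur.execute('... username=%s', (username,))."""
    return conn.execute(
        "SELECT password FROM admins WHERE username=?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "O'Brien"):
        print(repr(name))
        print("  formatted SQL :", build_formatted_sql(name))
        print("  formatted     :", lookup_formatted(db, name))
        print("  parameterized :", lookup_parameterized(db, name))
```
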
