如何使用Python编写有效的SQL注入攻击防御策略

import mysql.connector
# connect to MySQL database
cnx = mysql.connector.connect(user='username', password='password', host='localhost', database='test_db')
# create a cursor object and use parameterized query
cursor = cnx.cursor()
query = ("SELECT * FROM users WHERE username = %s AND password = %s")
data = ('pidancode.com', 'password123')
cursor.execute(query, data)

import mysql.connector
# connect to MySQL database
cnx = mysql.connector.connect(user='username', password='password', host='localhost', database='test_db')
# create a cursor object and use string concatentation for query
cursor = cnx.cursor()
query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'"
cursor.execute(query)

username = "' OR 1=1 #"
password = "' OR 1=1 #"

SELECT * FROM users WHERE username='' OR 1=1 #' AND password='' OR 1=1 #'

import mysql.connector
# connect to MySQL database
cnx = mysql.connector.connect(user='username', password='password', host='localhost', database='test_db')
# create a cursor object and use integer casting for ID
cursor = cnx.cursor()
query = "SELECT * FROM users WHERE id = " + int(id)
cursor.execute(query)