python
9 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
import psycopg
with psycopg.connect(conninfo) as connection:
with connection.cursor() as cursor:
cursor.execute(
'SELECT id, email FROM users WHERE email = %s',
(email,),
)
record = cursor.fetchone()
1 file · python
Explain with highlit
Even outside ORMs, parameterized database access needs to be the default habit. The query string should describe structure while the driver binds user values separately. That sounds basic, but it is still where too many internal tools quietly fail security review.
Share this code
Here's the card — post it anywhere.