Improve SQL INSERT query to avoid sql injections

… msg.topic.startswith(“messages”): self.insertStatement += “INSERT INTO mydatabase.table3 VALUES (‘” + msg.topic + “‘,” + msg.payload.decode(“utf-8”) + “,” + datetime + “);” else: return # do not store in DB cursor.execute(self.insertStatement) cursor.commit(). python mysql sql sql-injection sql-insert.

Related: