← run

sec-sql-injection

1.000
2/2 tests· security

Proposed solution

```python
# solution.py

import sqlite3

def get_user(conn, username):
    """
    Query a sqlite3 users table for the row whose username column equals username
    and return that row (or None).
    
    Args:
        conn: An open sqlite3.Connection
        username: The username to search for
    
    Returns:
        A row from the users table matching the username, or None if not found
    """
    cursor = conn.cursor()
    cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
    return cursor.fetchone()
```