← run

sec-sql-injection

1.000
2/2 tests· security
Challenge · difficulty 3/5
# Task

Implement **`solution.py`** with `get_user(conn, username)`: query a sqlite3 `users` table for
the row whose `username` column equals `username` and return that row (or `None`). `conn` is an
open `sqlite3.Connection`.
Proposed solution
```python
import sqlite3

def get_user(conn, username):
    """
    Query a sqlite3 users table for the row whose username column equals username.
    
    Args:
        conn: An open sqlite3.Connection object
        username: The username to search for
        
    Returns:
        The row as a tuple if found, None otherwise
    """
    cursor = conn.cursor()
    cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
    result = cursor.fetchone()
    return result
```