sec-sql-injection
1.000
Challenge · difficulty 3/5
# Task Implement **`solution.py`** with `get_user(conn, username)`: query a sqlite3 `users` table for the row whose `username` column equals `username` and return that row (or `None`). `conn` is an open `sqlite3.Connection`.
Proposed solution
```python
import sqlite3
def get_user(conn, username):
"""
Query a sqlite3 `users` table for the row whose `username` column equals `username`
and return that row (or `None`).
Args:
conn: An open sqlite3.Connection object.
username: The username to search for.
Returns:
The row as a tuple if found, otherwise None.
"""
cursor = conn.cursor()
cursor.execute("SELECT * FROM users WHERE username = ?", (username,))
return cursor.fetchone()
```