google-ads-api google-ads-script

How to avoid SQL INJECTION in Google Ads API using Python?


I searched some forums about how to prevent SQL injection in Python and saw that there are ways to use code like the following:

    nome = "'Carlos' , idade = 80"
    cursor.execute("UPDATE cliente SET nome=%(nome)s WHERE idcliente=13", ({'nome': nome, }))

In most of the examples I see the variable 'cursor.execute' and an execute next to it; I would like to know how to replicate this in the Google Ads API.

I want to know if there is some 'cursor.execute' in the Google Ads API...


Solution

  • The answer that I received from the creators of the Google Ads API (Python lib) was:

    The query language we use isn't SQL, it's called GAQL, and is thus not susceptible to the same types of injection attacks as SQL because its range of functionality is much smaller. Specifically, there is no query in GAQL that would allow you to write or update data, it's used only for reads.

    Hope that helps, let me know if you have any more specific questions.
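
Assuming the GAQL query is handed to the Python client as a plain string with no `cursor.execute`-style binding step, the closest equivalent is to validate every value before it is formatted into the query text. The following is an added example, not code from the original post or from the Google Ads library; `build_campaign_query`, its allow-lists, the name pattern and the sample values are assumptions made for illustration.

```python
import re

# Allow-lists: only these literal values may ever appear in the query text.
ALLOWED_STATUSES = {"ENABLED", "PAUSED", "REMOVED"}
ALLOWED_ORDER_FIELDS = {"campaign.id", "campaign.name"}
# ASCII digits only; fullmatch() also rejects a trailing newline.
_ID_RE = re.compile(r"[0-9]{1,19}")
# Conservative name pattern (assumption): no quotes, backslashes or commas.
_NAME_RE = re.compile(r"[A-Za-z0-9 _.-]{1,64}")


def build_campaign_query(campaign_ids, status, name=None,
                         order_by="campaign.id", limit=100):
    """Return a GAQL string built only from validated values (hypothetical helper)."""
    ids = [str(i) for i in campaign_ids]
    if not ids or not all(_ID_RE.fullmatch(i) for i in ids):
        raise ValueError("campaign ids must be non-empty and digits only")
    if status not in ALLOWED_STATUSES:
        raise ValueError("status is not in the allow-list")
    if order_by not in ALLOWED_ORDER_FIELDS:
        raise ValueError("order_by is not in the allow-list")
    if isinstance(limit, bool) or not isinstance(limit, int) or not 1 <= limit <= 10000:
        raise ValueError("limit must be an integer between 1 and 10000")

    where = [f"campaign.id IN ({', '.join(ids)})",
             f"campaign.status = '{status}'"]
    if name is not None:
        # Reject rather than escape: anything outside the pattern never
        # reaches the query, so no quoting rules have to be relied on.
        if not _NAME_RE.fullmatch(name):
            raise ValueError("name contains characters outside the allow-list")
        where.append(f"campaign.name = '{name}'")

    return ("SELECT campaign.id, campaign.name, campaign.status FROM campaign "
            f"WHERE {' AND '.join(where)} ORDER BY {order_by} LIMIT {limit}")


if __name__ == "__main__":
    # Constructed inputs; the second name is the value from the question.
    print(build_campaign_query([13], "ENABLED", name="Carlos"))
    try:
        build_campaign_query([13], "ENABLED", name="'Carlos' , idade = 80")
    except ValueError as exc:
        print("rejected:", exc)
```

The returned string is what would be passed as the query to the client's search call; values that fail validation raise before any request is made.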