Is a SQLAlchemy query vulnerable to injection attacks?

I have the following query that uses like to search a blog. I am not sure if I'm making myself vulnerable to a SQL injection attack if I do this. How is SQLAlchemy handling this? Is it safe?

search_results = Blog.query.with_entities(Blog.blog_title).filter(Blog.blog_title.like("%"+ searchQuery['queryText'] +"%")).all()

Solution 1:

The underlying db-api library for whatever database you're using (sqlite3, psycopg2, etc.) escapes parameters. SQLAlchemy simply passes the statement and parameters to execute, the driver does whatever is needed. Assuming you are not writing raw SQL that includes parameters yourself, you are not vulnerable to injection. Your example is not vulnerable to injection.

Masking a social security number input

SpringServletContainerInitializer cannot be cast to javax.servlet.ServletContainerInitializer

macOS standard keyboard shortcuts for tabbing between windows [duplicate]

Mac Photos: Change Date of selected photos

Control iPhone Remotely

What happens when the battery on my Apple Watch dies while I'm working out? [closed]

How to programmatically get available wifi networks without airport utility?

Does ransomware on Bootcamp Windows affects macOS disk?

Finding and disabling unnecessary open ports on High Sierra

How can I use a single monitor when connecting to a multi monitor machine using Screen Sharing, VNC or RDP?

My MacBook Pro screen cracked and can't connect to external display

Can I output 1080p at 240hz from my 2017 MacBook Pro 13inch with Touch Bar