TODO$2$: write a prepared statement for this query with parameters for the two

strings passed in$.$ Comment out the query that used simple concatenation. Then, in

TODO$3,$ write the execution statement to execute the prepared statement, commenting

out the existing statement $($we recommend commenting out instead of deleting$).$

After saving and launching the app, try option $1$ with the SQL injection attack and see if

it successfully protected the data from retrieval.

Query$2$: TODO$4$: write a prepared statement for this query with parameters for the two

strings passed in$.$ Comment out the query that used simple concatenation. Then, in

TODO$5,$ write the execution statement to execute the prepared statement, commenting

out the existing statement $($we recommend commenting out instead of deleting$).$

Check that the patient table currently exists in the test$\_$sql$\_$inj database and re$-$establish

it if necessary.

After saving and launching the app, try option $2$ with the SQL injection attack and see if

it successfully protected the patient table from deletion in the database.

Submit your DBConnector.py file to gradescope when you have verified that your

prepared statements are working.TODO$2$: write a prepared statement for this query with parameters for the two

strings passed in$.$ Comment out the query that used simple concatenation. Then, in

TODO$3,$ write the execution statement to execute the prepared statement, commenting

out the existing statement $($we recommend commenting out instead of deleting$).$

After saving and launching the app, try option $1$ with the SQL injection attack and see if

it successfully protected the data from retrieval.

Query$2$: TODO$4$: write a prepared statement for this query with parameters for the two

strings passed in$.$ Comment out the query that used simple concatenation. Then, in

TODO$5,$ write the execution statement to execute the prepared statement, commenting

out the existing statement $($we recommend commenting out instead of deleting$).$

Check that the patient table currently exists in the test$\_$sql$\_$inj database and re$-$establish

it if necessary.

After saving and launching the app, try option $2$ with the SQL injection attack and see if

it successfully protected the patient table from deletion in the database.

Submit your DBConnector.py file to gradescope when you have verified that your

prepared statements are working.