怎样在Python中防止SQL注入？

import sqlite3

# 连接到数据库
conn = sqlite3.connect('example.db')
cursor = conn.cursor()

# 用户输入
username = input("请输入用户名: ")
password = input("请输入密码: ")

# 使用参数化查询
query = "SELECT * FROM users WHERE username = ? AND password = ?"
cursor.execute(query, (username, password))

# 获取结果
result = cursor.fetchone()

if result:
    print("登录成功!")
else:
    print("用户名或密码错误!")

# 关闭连接
conn.close()

from sqlalchemy import create_engine, Column, Integer, String
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker

Base = declarative_base()

class User(Base):
    __tablename__ = 'users'
    id = Column(Integer, primary_key=True)
    username = Column(String)
    password = Column(String)

# 创建数据库引擎
engine = create_engine('sqlite:///example.db')
Base.metadata.create_all(engine)

# 创建会话
Session = sessionmaker(bind=engine)
session = Session()

# 用户输入
username = input("请输入用户名: ")
password = input("请输入密码: ")

# 查询用户
user = session.query(User).filter_by(username=username, password=password).first()

if user:
    print("登录成功!")
else:
    print("用户名或密码错误!")

# 关闭会话
session.close()

import re

def validate_input(input_string):
    # 假设我们只允许字母和数字
    if re.match(r'^[a-zA-Z0-9]+$', input_string):
        return input_string
    else:
        raise ValueError("输入包含非法字符")

# 用户输入
username = validate_input(input("请输入用户名: "))
password = validate_input(input("请输入密码: "))

# 使用参数化查询
query = "SELECT * FROM users WHERE username = ? AND password = ?"
cursor.execute(query, (username, password))