From 36da9858353348fd47de9a8cf17f891b50b1354e Mon Sep 17 00:00:00 2001
From: 2000-Trek
Date: Wed, 14 Jun 2023 22:03:14 +0200
Subject: [PATCH] Fic sql injektions
---
 main.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/main.py b/main.py
index 24ec25d..0a3e03c 100644
--- a/main.py
+++ b/main.py
@@ -59,7 +59,7 @@ def list():
 @app.route("/list/user", methods=['GET'])
 def user_info():
 username = request.args.get("user")
- c.execute("SELECT * FROM users WHERE username = '%s'" % username)
+ c.execute("SELECT * FROM users WHERE username = '%(username)s'", {'username':username})
 user_list = c.fetchall()
 if user_list != []:
 user = user_list[0]
@@ -114,7 +114,7 @@ def adduser():
 user = request.args.get("username")
 c.execute(f"SELECT * FROM users WHERE username='{str(user)}'")
 if c.fetchall() == []:
- c.execute("INSERT or IGNORE INTO users (username, balance) VALUES ('%s', 0)" % user)
+ c.execute("INSERT or IGNORE INTO users (username, balance) VALUES ('%(user)s', 0)", {'user' : user} )
 conn.commit()
 return 'Added user user and tag list

The creator of this website accepts no liability for any linguistic or technical errors!

' else:
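Review bot: The `SELECT` in `adduser` that stays as a context line still builds its SQL with an f-string (`username='{str(user)}'`), so the `username` request parameter remains injectable there after this patch. The two rewritten calls also keep quotes around the placeholder (`'%(user)s'` here, `'%(username)s'` in the `user_info` hunk), which either turns it into a plain string literal or double-quotes the bound value, depending on the driver. The driver is not visible in the patch, but `INSERT or IGNORE` suggests SQLite, where the placeholder style is `?`. If so, the calls would read `c.execute("SELECT * FROM users WHERE username = ?", (user,))` and `c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", (user,))`, and likewise with `(username,)` in `user_info`. `adduser` continues outside the hunk.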