Fic sql injektions

This commit is contained in:
2000-Trek 2023-06-14 22:03:14 +02:00
parent 31e14e7757
commit 36da985835


@ -59,7 +59,7 @@ def list():
@app.route("/list/user", methods=['GET']) @app.route("/list/user", methods=['GET'])
def user_info(): def user_info():
username = request.args.get("user") username = request.args.get("user")
c.execute("SELECT * FROM users WHERE username = '%s'" % username) c.execute("SELECT * FROM users WHERE username = '%(username)s'", {'username':username})
user_list = c.fetchall() user_list = c.fetchall()
if user_list != []: if user_list != []:
user = user_list[0] user = user_list[0]
@ -114,7 +114,7 @@ def adduser():
user = request.args.get("username") user = request.args.get("username")
c.execute(f"SELECT * FROM users WHERE username='{str(user)}'") c.execute(f"SELECT * FROM users WHERE username='{str(user)}'")
if c.fetchall() == []: if c.fetchall() == []:
c.execute("INSERT or IGNORE INTO users (username, balance) VALUES ('%s', 0)" % user) c.execute("INSERT or IGNORE INTO users (username, balance) VALUES ('%(user)s', 0)", {'user' : user} )
conn.commit() conn.commit()
return 'Added user <a href="/list">user and tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p>' return 'Added user <a href="/list">user and tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p>'
else: else:
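Review bot: The new queries on the user_info SELECT (`'%(username)s'`) and the adduser INSERT (`'%(user)s'`) still wrap the placeholder in single quotes, which defeats the binding: a DB-API placeholder must appear unquoted because the driver supplies the quoting, and the `INSERT or IGNORE` syntax suggests sqlite3, which does not accept `%(name)s` placeholders at all (only `?` and `:name`), so the SQL would be compared against the literal text instead of the request value. The SELECT two lines above the INSERT in adduser is untouched and still builds its SQL with an f-string from `request.args.get("username")`, so that lookup remains injectable after this commit. For sqlite3 the three statements would become `c.execute("SELECT * FROM users WHERE username = :username", {"username": username})`, `c.execute("SELECT * FROM users WHERE username = :user", {"user": user})` and `c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (:user, 0)", {"user": user})`; with a pyformat driver keep `%(user)s` but drop the surrounding quotes. Both user_info and adduser continue past their hunks, and adduser's signature is outside the hunk.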