From 61e68722cad0202199dfbbffca6d2b7cad808583 Mon Sep 17 00:00:00 2001
From: 2000-Trek
Date: Fri, 14 Jul 2023 20:58:44 +0200
Subject: [PATCH] Mehr SQL Injektionkram
---
 main.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/main.py b/main.py
index 7fb586c..ff7e103 100644
--- a/main.py
+++ b/main.py
@@ -133,10 +133,10 @@ def remove_user():
 users = c.fetchall()
 if users != []:
 user_name = users[0][1]
- c.execute(f"DELETE FROM tags WHERE userid={user_id}")
- db_log.info(f"Deleted all tags from user {user_id}")
- c.execute(f"DELETE FROM users WHERE id={user_id}")
- db_log.info(f"Deleted user {user_id}")
+ c.execute(f"DELETE FROM tags WHERE userid=?", [user_id])
+ db_log.info(f"Deleted all tags from user ?", [user_id])
+ c.execute(f"DELETE FROM users WHERE id=?", [user_id])
+ db_log.info(f"Deleted user ?", [user_id])
 conn.commit()
 socketio.emit("update", "update")
 return f'

user and tag list | Documentation

Deleted user {escape(user_name)}

return to the tags and user list

'
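Review bot: The two added `db_log.info(...)` calls copy the SQL placeholder syntax, but `?` means nothing to a logger. If `db_log` is a standard `logging.Logger` (its definition is outside the hunk), the extra `[user_id]` argument is applied with `%` to a message that has no format specifier, so formatting fails inside the handler. The "Deleted user" audit entries are then reported as logging errors instead of being written, and the record of who was deleted is lost. Use logging's own lazy formatting: `db_log.info("Deleted all tags from user %s", user_id)` and `db_log.info("Deleted user %s", user_id)`. The `f` prefix on the two `c.execute` strings is now dead and worth dropping, so nobody later re-adds a `{user_id}` interpolation next to the bound parameter. `remove_user` starts and ends outside this hunk, so where `user_id` comes from is not visible here.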