From 6e377f8708344e5369e17a8d6b8ad71bea997805 Mon Sep 17 00:00:00 2001
From: 2000-Trek
Date: Wed, 5 Jul 2023 22:05:50 +0200
Subject: [PATCH] fixed sql injektion
---
 main.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/main.py b/main.py
index 1549519..364c707 100644
--- a/main.py
+++ b/main.py
@@ -128,7 +128,7 @@ def confirm_remove_user():
 @app.route("/removeuser", methods=['GET'])
 def remove_user():
 user_id = request.args.get("id")
- c.execute(f"SELECT * FROM users WHERE id='{user_id}'")
+ c.execute(f"SELECT * FROM users WHERE id=?", [user_id])
 users = c.fetchall()
 if users != []:
 user_name = users[0][1]
@@ -275,7 +275,7 @@ def get_id():
 global finished
 global message
 tag_id = request.args.get("id")
- c.execute(f"SELECT * FROM tags WHERE tagid ='{tag_id}'")
+ c.execute(f"SELECT * FROM tags WHERE tagid =?", [tag_id])
 tag_list = c.fetchall()
 if users.qsize() > 0:
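Review bot: The `f` prefix is left on the now-parameterized query in `remove_user` (`c.execute(f"SELECT * FROM users WHERE id=?", [user_id])`), and the `tags` query in `get_id` has the same leftover. With no `{...}` fields it changes nothing today, but it makes it easy for a later edit to slip interpolation back into the SQL text; a plain literal, `c.execute("SELECT * FROM users WHERE id=?", (user_id,))`, makes the intent explicit. Only these two calls are visible in the patch, so the rest of main.py may still hold `execute(f"...")` calls that interpolate request data and should be checked before the injection issue is considered closed. The body of remove_user continues past the end of the hunk.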
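Review bot: `get_id` calls `c.execute(...)` and then `c.fetchall()` on a cursor `c` that is not created anywhere in the visible part of the handler, so it looks like one module-level cursor shared by every request (remove_user uses it the same way). If the app ever serves requests concurrently, an `execute` from one request can land between another request's `execute` and `fetchall`, and that handler then reads the wrong rows. Creating the cursor inside the handler, for example `cur = <connection>.cursor()` where `<connection>` stands for the project's connection object, keeps each query and its result set together. get_id starts before this hunk and continues after it, so how `tag_list` is used when `id` is missing and `tag_id` is `None` cannot be judged from here.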