fixed sql injektion
This commit is contained in:
parent
d015a68c8c
commit
6e377f8708
1 changed files with 2 additions and 2 deletions
4
main.py
4
main.py
|
|
@ -128,7 +128,7 @@ def confirm_remove_user():
|
||||||
@app.route("/removeuser", methods=['GET'])
|
@app.route("/removeuser", methods=['GET'])
|
||||||
def remove_user():
|
def remove_user():
|
||||||
user_id = request.args.get("id")
|
user_id = request.args.get("id")
|
||||||
c.execute(f"SELECT * FROM users WHERE id='{user_id}'")
|
c.execute(f"SELECT * FROM users WHERE id=?", [user_id])
|
||||||
users = c.fetchall()
|
users = c.fetchall()
|
||||||
if users != []:
|
if users != []:
|
||||||
user_name = users[0][1]
|
user_name = users[0][1]
|
||||||
|
|
@ -275,7 +275,7 @@ def get_id():
|
||||||
global finished
|
global finished
|
||||||
global message
|
global message
|
||||||
tag_id = request.args.get("id")
|
tag_id = request.args.get("id")
|
||||||
c.execute(f"SELECT * FROM tags WHERE tagid ='{tag_id}'")
|
c.execute(f"SELECT * FROM tags WHERE tagid =?", [tag_id])
|
||||||
|
|
||||||
tag_list = c.fetchall()
|
tag_list = c.fetchall()
|
||||||
if users.qsize() > 0:
|
if users.qsize() > 0:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue