From d015a68c8c8dfb257a3937ba2ec7c3022bf31d85 Mon Sep 17 00:00:00 2001
From: 2000-Trek
Date: Wed, 5 Jul 2023 22:04:12 +0200
Subject: [PATCH] fixed sql injektion
---
 main.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/main.py b/main.py
index 04ecd3a..1549519 100644
--- a/main.py
+++ b/main.py
@@ -84,7 +84,7 @@ def list():
 @app.route("/list/user", methods=['GET'])
 def user_info():
 id = request.args.get("id")
- c.execute(f"SELECT * FROM users WHERE (id) VALUES (?)", [id])
+ c.execute(f"SELECT * FROM users WHERE id=?", [id])
 user_list = c.fetchall()
 if user_list != []:
 user = user_list[0]
@@ -296,7 +296,7 @@ def get_id():
 db_log.info(message)
 finished = queue_item
 conn.commit()
- return make_response(json.dumps({"mode":"2","username":username,"message":"1"}))
+ return make_response(json.dumps({"mode":"message","username":username,"message":"A tag was added"}))
 elif state == "remove":
 c.execute(f"SELECT * FROM tags WHERE (tagid = {tag_id} AND userid = {user})")
 tags = c.fetchall()
@@ -306,7 +306,7 @@ def get_id():
 db_log.info(message)
 finished = queue_item
 conn.commit()
- return make_response(json.dumps({"mode":"2","username":username,"message":"2"}))
+ return make_response(json.dumps({"mode":"message","username":username,"message":"A tag was removed"}))
 else:
 message = "054"
 finished = queue_item
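Review bot: The new query in `user_info` keeps the `f` prefix although the string has no placeholders; the old line already bound `id` through `?`, so this hunk repairs the SQL syntax rather than closing an injection. Dropping the prefix keeps bound queries visibly distinct from interpolated ones: `c.execute("SELECT * FROM users WHERE id = ?", (id,))`. `id` also shadows the builtin and comes straight from `request.args` with no type or presence check in the visible lines. The rest of `user_info` lies outside the hunk, so any later validation or access check cannot be confirmed from here.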
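Review bot: The `remove` branch still builds its query by interpolation: the context line `c.execute(f"SELECT * FROM tags WHERE (tagid = {tag_id} AND userid = {user})")` is left untouched by a commit titled as an SQL-injection fix. Where `tag_id` and `user` come from is outside the hunk, but if either derives from request data this is the injectable statement. Bind them instead: `c.execute("SELECT * FROM tags WHERE (tagid = ? AND userid = ?)", (tag_id, user))`. `get_id` starts and ends outside the hunk, so any other f-string queries in it would need the same treatment.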
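Review bot: Both rewritten returns (`"A tag was removed"` here and `"A tag was added"` in the previous hunk) pass a `json.dumps` string to `make_response`, which Flask serves with its default `text/html` content type. `username` is embedded in that body and `json.dumps` does not escape `<` or `>`, so if the name can contain markup a browser may render it. Returning `jsonify(mode="message", username=username, message="A tag was removed")` sets `application/json`, assuming `jsonify` is imported from flask in this file. `get_id` continues outside the hunk.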