Added security to prevent sql errors in /user

2000-Trek 2023-06-14 18:40:24 +02:00
parent ed3160a5ac
commit fda2fb6ffd


@ -46,7 +46,7 @@ def list():
@app.route("/list/user", methods=['GET'])
def user_info():
username = request.args.get("user")
username = '%s' % request.args.get("user")
c.execute("SELECT * FROM users WHERE username = '%s'" % username)
user = c.fetchall()
if user != []:
@ -67,8 +67,8 @@ def new_user():
@app.route("/removeuser", methods=['GET'])
def remove_user():
user_id = '%s' % request.args.get("id")
c.execute(f"DELETE * FROM tags WHERE (userid = {user_id}) ") #Ist hier noch eine Bestätigung nötig?
c.execute(f"DELETE * FROM users WHERE (id={user_id})")
c.execute(f"DELETE * FROM tags WHERE userid={user_id}") #Noch eine Bestätigung nötig
c.execute(f"DELETE * FROM users WHERE id={user_id}")
conn.commit()
@app.route("/adduser/user", methods=['GET'])
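Review bot: The new `username = '%s' % request.args.get("user")` in user_info only converts the value to a string (a missing parameter becomes the text `None`); the following line still formats it into the SQL text, so the query stays injectable through the `user` parameter and the commit does not deliver what its title says. Bind the value instead, e.g. `c.execute("SELECT * FROM users WHERE username = ?", (username,))`; the placeholder style depends on the database driver, which is not visible here (`?` for sqlite3, `%s` for most others). The same applies to both f-string `DELETE` statements in remove_user, where the `id` parameter is interpolated directly; in addition `DELETE * FROM` is not valid in standard SQL and should read `DELETE FROM tags WHERE userid = ?`. remove_user also changes state on a GET request with no authentication or confirmation check visible in the hunk, which is worth settling before the open question in the comment is dropped. Both function bodies continue outside the hunks shown.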