diff --git a/main.py b/main.py
index ff7e103..38ca25d 100644
--- a/main.py
+++ b/main.py
@@ -306,7 +306,7 @@ def get_id():
 queue_item = users.get()
 user = queue_item[0]
 state = queue_item[1]
- c.execute(f"SELECT * FROM users WHERE id={user}")
+ c.execute(f"SELECT * FROM users WHERE id=?", [user])
 username = c.fetchall()[0][1]
 if state == "add":
 c.execute(f"SELECT * FROM tags WHERE tagid={tag_id}")
@@ -315,22 +315,22 @@ def get_id():
 finished = queue_item
 return make_response(json.dumps({"mode":"error","error":"170"}))
 else:
- c.execute(f"INSERT OR IGNORE INTO tags (tagid, userid) VALUES ({tag_id}, {user})")
+ c.execute(f"INSERT OR IGNORE INTO tags (tagid, userid) VALUES ({tag_id}, ?)", [user])
 message = f"Added {tag_id} to {username}"
 db_log.info(message)
 finished = queue_item
 conn.commit()
- return make_response(json.dumps({"mode":"message","username":username,"message":"A tag was added"}))
+ return make_response(json.dumps({"mode":"message","username":"%s".format(username),"message":"A tag was added"}))
 elif state == "remove":
- c.execute(f"SELECT * FROM tags WHERE (tagid = {tag_id} AND userid = {user})")
+ c.execute(f"SELECT * FROM tags WHERE (tagid = {tag_id} AND userid = ?)", [user])
 tags = c.fetchall()
 if tags != []:
- c.execute(f"DELETE FROM tags WHERE (tagid = {tag_id} AND userid = {user}) ")
+ c.execute(f"DELETE FROM tags WHERE (tagid = {tag_id} AND userid = ?)", [user])
 message = f"Removed {tag_id} from {username}"
 db_log.info(message)
 finished = queue_item
 conn.commit()
- return make_response(json.dumps({"mode":"message","username":username,"message":"A tag was removed"}))
+ return make_response(json.dumps({"mode":"message","username":"%s".format(username),"message":"A tag was removed"}))
 else:
 message = "054"
 finished = queue_item
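Review bot: `tag_id` is still formatted into the SQL text, so the statements remain string-built: the context line `c.execute(f"SELECT * FROM tags WHERE tagid={tag_id}")` at the end of the first hunk, and the new INSERT, SELECT and DELETE statements in the second hunk, bind only `user`. Where `tag_id` comes from is not visible in this diff; if it is read from a request or a tag reader it should be bound as well, e.g. `c.execute("INSERT OR IGNORE INTO tags (tagid, userid) VALUES (?, ?)", [tag_id, user])`. Once nothing is interpolated, the `f` prefix (already redundant on the new `id=?` line) can be dropped. get_id's body starts and ends outside both hunks.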
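Review bot: `"%s".format(username)` in the two new `return make_response(...)` lines of the second hunk always evaluates to the literal string `%s`, because `str.format` substitutes only `{}` fields and silently ignores the unused argument, so the client no longer receives the username. `json.dumps` already escapes the value for JSON, so the previous `"username":username` was correct at this layer. If the concern is markup in the name, that escaping belongs where the client renders it. Suggested: `"username": username`, or `str(username)` if the column may not hold text.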