j3d1/matekasse
1
0
Fork 0
forked from bton/matekasse
Code Pull requests Activity

SQL injektionn

Browse source
This commit is contained in:
2000-Trek 2023-06-14 22:15:05 +02:00
parent 36da985835
commit d108bca11d
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
main.py
View file

@ -112,7 +112,7 @@ def remove_user():
@app.route("/adduser/user", methods=['GET']) @app.route("/adduser/user", methods=['GET'])
def adduser(): def adduser():
user = request.args.get("username") user = request.args.get("username")
c.execute(f"SELECT * FROM users WHERE username='{str(user)}'") c.execute(f"SELECT * FROM users WHERE username='%users'", {'user' : user})
if c.fetchall() == []: if c.fetchall() == []:
c.execute("INSERT or IGNORE INTO users (username, balance) VALUES ('%(user)s', 0)", {'user' : user} ) c.execute("INSERT or IGNORE INTO users (username, balance) VALUES ('%(user)s', 0)", {'user' : user} )
conn.commit() conn.commit()