Added security to prevent sql errors in /user
parent
ed3160a5ac
commit
fda2fb6ffd
1 changed files with 3 additions and 3 deletions
6
main.py
6
main.py
|
@ -46,7 +46,7 @@ def list():
|
|||
|
||||
@app.route("/list/user", methods=['GET'])
|
||||
def user_info():
|
||||
username = request.args.get("user")
|
||||
username = '%s' % request.args.get("user")
|
||||
c.execute("SELECT * FROM users WHERE username = '%s'" % username)
|
||||
user = c.fetchall()
|
||||
if user != []:
|
||||
|
@ -67,8 +67,8 @@ def new_user():
|
|||
@app.route("/removeuser", methods=['GET'])
|
||||
def remove_user():
|
||||
user_id = '%s' % request.args.get("id")
|
||||
c.execute(f"DELETE * FROM tags WHERE (userid = {user_id}) ") #Ist hier noch eine Bestätigung nötig?
|
||||
c.execute(f"DELETE * FROM users WHERE (id={user_id})")
|
||||
c.execute(f"DELETE * FROM tags WHERE userid={user_id}") #Noch eine Bestätigung nötig
|
||||
c.execute(f"DELETE * FROM users WHERE id={user_id}")
|
||||
conn.commit()
|
||||
|
||||
@app.route("/adduser/user", methods=['GET'])
|
||||
|
|
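Review bot: The `'%s' % request.args.get(...)` wrapper in `user_info` (and the same pattern for `user_id` in `remove_user`) only coerces the value to a string, so the request parameter is still spliced into the SQL text by `"... username = '%s'" % username` and by the f-string DELETE statements, and both routes remain open to SQL injection. Bind the values instead, e.g. `c.execute("SELECT * FROM users WHERE username = ?", (username,))` and `c.execute("DELETE FROM tags WHERE userid = ?", (user_id,))` (the `?` style assumes sqlite3; use whatever placeholder the driver documents), and reject a missing parameter before querying, since an absent `user` currently becomes the literal string `None`. Separately, `DELETE * FROM` is not valid in SQLite or standard SQL, so those statements presumably raise instead of deleting anything. `user_info` continues past the end of the first hunk, so how the fetched rows are returned is not visible here.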