1
0
Fork 0
forked from bton/matekasse

Mehr SQL Injektionkram

This commit is contained in:
2000-Trek 2023-07-14 20:58:44 +02:00
parent 1110ec9508
commit 61e68722ca

View file

@ -133,10 +133,10 @@ def remove_user():
users = c.fetchall() users = c.fetchall()
if users != []: if users != []:
user_name = users[0][1] user_name = users[0][1]
c.execute(f"DELETE FROM tags WHERE userid={user_id}") c.execute(f"DELETE FROM tags WHERE userid=?", [user_id])
db_log.info(f"Deleted all tags from user {user_id}") db_log.info(f"Deleted all tags from user ?", [user_id])
c.execute(f"DELETE FROM users WHERE id={user_id}") c.execute(f"DELETE FROM users WHERE id=?", [user_id])
db_log.info(f"Deleted user {user_id}") db_log.info(f"Deleted user ?", [user_id])
conn.commit() conn.commit()
socketio.emit("update", "update") socketio.emit("update", "update")
return f'<p><p><a href="/list">user and tag list</a> | <a href="/documentation">Documentation</a></p> <p>Deleted user {escape(user_name)}</p><a href="/list">return to the tags and user list</a></p>' return f'<p><p><a href="/list">user and tag list</a> | <a href="/documentation">Documentation</a></p> <p>Deleted user {escape(user_name)}</p><a href="/list">return to the tags and user list</a></p>'