forked from bton/matekasse
fixed sql injektion
parent
d015a68c8c
commit
6e377f8708
1 changed files with 2 additions and 2 deletions
4
main.py
4
main.py
|
@ -128,7 +128,7 @@ def confirm_remove_user():
|
|||
@app.route("/removeuser", methods=['GET'])
|
||||
def remove_user():
|
||||
user_id = request.args.get("id")
|
||||
c.execute(f"SELECT * FROM users WHERE id='{user_id}'")
|
||||
c.execute(f"SELECT * FROM users WHERE id=?", [user_id])
|
||||
users = c.fetchall()
|
||||
if users != []:
|
||||
user_name = users[0][1]
|
||||
|
@ -275,7 +275,7 @@ def get_id():
|
|||
global finished
|
||||
global message
|
||||
tag_id = request.args.get("id")
|
||||
c.execute(f"SELECT * FROM tags WHERE tagid ='{tag_id}'")
|
||||
c.execute(f"SELECT * FROM tags WHERE tagid =?", [tag_id])
|
||||
|
||||
tag_list = c.fetchall()
|
||||
if users.qsize() > 0:
|
||||
|
|
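Review bot: The replacement queries in both hunks keep the `f` prefix although they no longer interpolate anything: `c.execute(f"SELECT * FROM users WHERE id=?", [user_id])` in `remove_user`, and the `tags` lookup in the second hunk. It is harmless as written, but an f-string on a SQL statement makes it easy for a later edit to slip `{...}` back in, so use plain literals: `c.execute("SELECT * FROM users WHERE id=?", [user_id])` and `c.execute("SELECT * FROM tags WHERE tagid =?", [tag_id])`. Only two call sites are touched here, and the rest of main.py is not visible in this diff, so it is worth searching the file for any remaining `c.execute(f"...")` calls that format request values into SQL. Both functions continue outside the hunks.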