From d108bca11d75235961365a3654b193b76a33e314 Mon Sep 17 00:00:00 2001
From: 2000-Trek
Date: Wed, 14 Jun 2023 22:15:05 +0200
Subject: [PATCH] SQL injektionn

---
 main.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main.py b/main.py
index 0a3e03c..4007827 100644
--- a/main.py
+++ b/main.py
@@ -112,7 +112,7 @@ def remove_user():
 @app.route("/adduser/user", methods=['GET'])
 def adduser():
     user = request.args.get("username")
-    c.execute(f"SELECT * FROM users WHERE username='{str(user)}'")
+    c.execute(f"SELECT * FROM users WHERE username='%users'", {'user' : user})
     if c.fetchall() == []:
         c.execute("INSERT or IGNORE INTO users (username, balance) VALUES ('%(user)s', 0)", {'user' : user} )
         conn.commit()
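Review bot: The new SELECT on the `+` line is still not parameterized: `'%users'` is a quoted string literal, not a bind marker, so the supplied dict is never bound and (assuming the sqlite3 driver, which `INSERT or IGNORE` suggests) the query compares `username` against the literal text `%users`, making every request fall into the not-found branch. The unchanged INSERT below it has the same flaw, since `'%(user)s'` is Python %-format syntax inside a SQL string literal and the stored username would be that verbatim text rather than the submitted name. Both statements should use the driver's named placeholder and drop the now-pointless f-string prefix: `c.execute("SELECT * FROM users WHERE username = :user", {"user": user})` and `c.execute("INSERT OR IGNORE INTO users (username, balance) VALUES (:user, 0)", {"user": user})`. `request.args.get("username")` is also `None` when the parameter is absent, so the handler should reject a missing or empty name before touching the database. The body of `adduser` appears to continue past the end of the hunk.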