From e5964c6143f227b0280291eb21eeacdb8802b44f Mon Sep 17 00:00:00 2001
From: 2000-Trek
Date: Fri, 16 Jun 2023 19:20:25 +0200
Subject: [PATCH] Fixed SQlite injektions
---
 main.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/main.py b/main.py
index f498f92..d0a8f22 100644
--- a/main.py
+++ b/main.py
@@ -59,7 +59,7 @@ def list():
 @app.route("/list/user", methods=['GET'])
 def user_info():
 username = request.args.get("user")
- c.execute("SELECT * FROM users WHERE username = '?'", [username])
+ c.execute("SELECT * FROM users WHERE username = ?", [username])
 user_list = c.fetchall()
 if user_list != []:
 user = user_list[0]
@@ -112,9 +112,9 @@ def remove_user():
 @app.route("/adduser/user", methods=['GET'])
 def adduser():
 user = request.args.get("username")
- c.execute("SELECT * FROM users WHERE username='%s'", user)
+ c.execute("SELECT * FROM users WHERE username=?", [user])
 if c.fetchall() == []:
- c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (%(user)s, 0)", {'user': user})
+ c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", [user])
 conn.commit()
 return 'Added user user and tag list

The creator of this website accepts no liability for any linguistic or technical errors!

'
 else:
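Review bot: `adduser` still performs its INSERT and `conn.commit()` from a route registered with `methods=['GET']`, so any followed link, prefetch or cross-site request that reaches `/adduser/user` changes the database; registering the write as `methods=['POST']` and reading the name from `request.form` keeps reads and writes apart. `request.args.get("username")` also returns `None` when the parameter is absent, and the new `?` placeholders bind that as SQL NULL: the SELECT then matches nothing and the INSERT stores a NULL username unless the column is declared NOT NULL, which the hunk does not show. A guard such as `if not user: return 'Missing username', 400` before the first `c.execute` closes that path. The `else:` branch of `adduser` continues outside the hunk.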