forked from bton/matekasse
Fixed SQlite injektions
parent
b47dbc0880
commit
e5964c6143
1 changed files with 3 additions and 3 deletions
6
main.py
6
main.py
|
@ -59,7 +59,7 @@ def list():
|
||||||
@app.route("/list/user", methods=['GET'])
|
@app.route("/list/user", methods=['GET'])
|
||||||
def user_info():
|
def user_info():
|
||||||
username = request.args.get("user")
|
username = request.args.get("user")
|
||||||
c.execute("SELECT * FROM users WHERE username = '?'", [username])
|
c.execute("SELECT * FROM users WHERE username = ?", [username])
|
||||||
user_list = c.fetchall()
|
user_list = c.fetchall()
|
||||||
if user_list != []:
|
if user_list != []:
|
||||||
user = user_list[0]
|
user = user_list[0]
|
||||||
|
@ -112,9 +112,9 @@ def remove_user():
|
||||||
@app.route("/adduser/user", methods=['GET'])
|
@app.route("/adduser/user", methods=['GET'])
|
||||||
def adduser():
|
def adduser():
|
||||||
user = request.args.get("username")
|
user = request.args.get("username")
|
||||||
c.execute("SELECT * FROM users WHERE username='%s'", user)
|
c.execute("SELECT * FROM users WHERE username=?", [user])
|
||||||
if c.fetchall() == []:
|
if c.fetchall() == []:
|
||||||
c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (%(user)s, 0)", {'user': user})
|
c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", [user])
|
||||||
conn.commit()
|
conn.commit()
|
||||||
return 'Added user <a href="/list">user and tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p>'
|
return 'Added user <a href="/list">user and tag list</a> <p>The creator of this website accepts no liability for any linguistic or technical errors!</p>'
|
||||||
else:
|
else:
|
||||||
|
|
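Review bot: `adduser()` passes `request.args.get("username")` to both statements without checking it, so a request with no `username` parameter binds `None`. `username=NULL` never matches a row, so the `INSERT or IGNORE` would then store a NULL-named user unless the schema forbids it (the table definition is not visible here). A guard before the first query, `if not user: return 'Missing username', 400`, rejects missing and empty names. Separately, the route still changes state on `GET`, which makes it reachable by cross-site requests and link prefetchers; `methods=['POST']` would be the safer choice. The function's `else:` branch continues outside the hunk.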