fix: add protection about sql injection

ambertide
2022-05-29 01:32:59 +03:00
parent 6a3cafb920
commit 8a3865a137
8 changed files with 353 additions and 6 deletions


@@ -56,7 +56,7 @@ def _update_entry(self) -> None:
def remove_from(class_: type, obj_id: int):
with sql.connect(getattr(class_, "db_path")) as con:
cur: sql.Cursor = con.cursor()
cur.execute(f"DELETE FROM {class_.__name__.lower()} WHERE obj_id = {obj_id}")
cur.execute(f"DELETE FROM {class_.__name__.lower()} WHERE obj_id = ?", (obj_id, ))
con.commit()
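Review bot: The table name in the new `cur.execute` line is still formatted into the statement with an f-string from `class_.__name__.lower()`; only the `obj_id` value is bound as a parameter. SQLite cannot bind identifiers, and as far as this hunk shows the name comes from a class object rather than from request data, but `class_: type` accepts any class and nothing here enforces that assumption. I would state the invariant next to the statement, e.g. `# table name is derived from the model class, never from user input; identifiers cannot be bound as parameters`, or check the name against the set of known model tables before formatting it. The function has no docstring either; a single line such as `"""Delete the row with the given obj_id from the table named after class_."""` would record the contract.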