slightly less vulnerable to sql injection

Vivian Lim 2014-05-15 19:23:16 -04:00
parent 1ce8343788
commit 9bc908233e
1 changed files with 1 additions and 1 deletions


@ -8,7 +8,7 @@ class User:
self.db = MySQLdb.connect(user=config.MYSQL_USER, passwd=config.MYSQL_PASSWD, db=config.MYSQL_DB)
c = self.db.cursor()
c.execute("""SELECT name FROM users WHERE uid = {}""".format(uid))
c.execute("""SELECT name FROM users WHERE uid = %s""", (uid,))
self.name = c.fetchall()[0][0]
def is_authenticated(self):
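Review bot: The line after the now-parameterized query, `self.name = c.fetchall()[0][0]`, raises IndexError when no row matches `uid`, so an unknown or stale uid surfaces as an unhandled exception rather than an explicit "no such user" outcome. Fetching a single row and checking it makes that case deliberate: `row = c.fetchone()` followed by `if row is None: raise LookupError("unknown uid")` (or whatever the caller expects for a missing user), then `self.name = row[0]`. The cursor is also never closed in the visible lines; a `c.close()` after the read would release it. The enclosing method and the rest of the class lie outside this hunk, so any other statements there that still build SQL with `.format()` would need the same bound-parameter treatment — worth a grep before considering the injection issue closed.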