slightly less vulnerable to sql injection
parent
1ce8343788
commit
9bc908233e
2
user.py
2
user.py
|
@ -8,7 +8,7 @@ class User:
|
|||
self.db = MySQLdb.connect(user=config.MYSQL_USER, passwd=config.MYSQL_PASSWD, db=config.MYSQL_DB)
|
||||
|
||||
c = self.db.cursor()
|
||||
c.execute("""SELECT name FROM users WHERE uid = {}""".format(uid))
|
||||
c.execute("""SELECT name FROM users WHERE uid = %s""", (uid,))
|
||||
self.name = c.fetchall()[0][0]
|
||||
|
||||
def is_authenticated(self):
|
||||
|
|
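Review bot: The row lookup that follows the parameterized query, `self.name = c.fetchall()[0][0]`, still indexes the result unconditionally, so a uid with no matching row (for example a deleted account or a stale session value, if that is where uid originates) raises IndexError instead of being rejected cleanly. Consider `row = c.fetchone()` followed by `if row is None: raise KeyError(uid)` (or whatever the caller expects for an unknown user) and then `self.name = row[0]`. The `%s` placeholder with `(uid,)` is the correct form for MySQLdb, but given the word "slightly" in the title it is worth checking the rest of user.py for other queries built with `.format(` or `%`, which this hunk does not show. The enclosing method starts above the hunk, and the connection and cursor opened in it are not visibly closed in these lines.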