From 68397eee321f1fa0600d6714844ce318c1f9e9c8 Mon Sep 17 00:00:00 2001
From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com>
Date: Mon, 11 Nov 2024 06:18:12 +0000
Subject: [PATCH] Patched /tmp/tmp_n5ibaaf/sqli/dao/student.py

---
 sqli/dao/student.py | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/sqli/dao/student.py b/sqli/dao/student.py
index d41ef885..3903308a 100644
--- a/sqli/dao/student.py
+++ b/sqli/dao/student.py
@@ -27,11 +27,14 @@ async def get_many(conn: Connection, limit: Optional[int] = None,
 q = 'SELECT id, name FROM students'
 params = {}
 if limit is not None:
- q += ' LIMIT + %(limit)s '
- params['limit'] = limit
+ q += ' LIMIT %s '
+ params = (limit,)
 if offset is not None:
- q += ' OFFSET + %(offset)s '
- params['offset'] = offset
+ if params:
+ q += ' OFFSET %s '
+ params += (offset,)
+ else:
+ params = (offset,)
 async with conn.cursor() as cur:
 await cur.execute(q, params)
 results = await cur.fetchall()
@@ -39,9 +42,8 @@ async def get_many(conn: Connection, limit: Optional[int] = None,

 @staticmethod
 async def create(conn: Connection, name: str):
- q = ("INSERT INTO students (name) "
- "VALUES ('%(name)s')" % {'name': name})
 async with conn.cursor() as cur:
- await cur.execute(q)
-
-
+ await cur.execute(
+ "INSERT INTO students (name) VALUES (%s)",
+ (name,)
+ )
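Review bot: In `get_many`, the offset-only path is broken: `params` still starts as `{}` on the unchanged context line, so when `limit` is None the `if params:` test is false and the `else` branch sets `params = (offset,)` without ever appending ` OFFSET %s ` to `q`. The query then runs with a bound value but no placeholder, which a psycopg2-style driver would presumably reject, and in any case the offset is never applied. Initialise with `params = ()` and make the offset branch unconditional: `q += ' OFFSET %s '` followed by `params += (offset,)`. The removed lines already bound `limit` and `offset` through the `%(limit)s` / `%(offset)s` placeholders passed to `execute(q, params)`, so this hunk adds no injection protection of its own. The signature and return statement of `get_many` lie outside the hunk.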
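Review bot: `create` has no comment or docstring recording that `name` must reach the database only as a bound parameter, so a later refactor could reintroduce string formatting into the INSERT without anyone noticing. I would add `# name is passed as a bound parameter; never format it into the SQL text` directly above the `cur.execute(` call. A regression test that inserts a name containing a single quote (constructed example: `O'Brien`) and reads it back unchanged would pin the behaviour. The function appears to end with the hunk, but the rest of the file is not visible here.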