Patched /tmp/tmpkc700rot/index.py

patched-codes · Oct 31, 2024 · 0ad3d47 · 0ad3d47
1 parent 5e38558
commit 0ad3d47
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/index.py b/index.py
@@ -7,12 +7,12 @@
 }
 
 def get_data_by_config_value(value):
-    # This might look suspicious due to string concatenation with values from CONFIG.
-    query = "SELECT * FROM " + CONFIG["default_table"] + " WHERE " + CONFIG["default_column"] + " = '" + value + "'"
+    # Use predefined CONFIG values and a parameterized query for protection against SQL Injection
+    query = f"SELECT * FROM {CONFIG['default_table']} WHERE {CONFIG['default_column']} = ?"
 
     connection = sqlite3.connect("database.db")
     cursor = connection.cursor()
-    cursor.execute(query)
+    cursor.execute(query, (value,))
     result = cursor.fetchall()
     connection.close()