FIXED SQL INJECTION

This commit is contained in:
pwn
2025-12-14 10:45:55 +03:00
parent cc486e69e9
commit 9fb29bda4a


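--- a/UNKNOWN_PATH
+++ b/UNKNOWN_PATH
@@ -406,8 +406,10 @@ def search_artworks(query: str) -> List[Dict]:
     conn = get_db()
     c = conn.cursor()
     try:
-        search_query = f"SELECT * FROM artworks WHERE title LIKE '%{query}%' OR data LIKE '%{query}%'"
-        c.execute(search_query)
+        c.execute(
+            "SELECT * FROM artworks WHERE title LIKE ? OR data LIKE ?",
+            (f"%{query}%", f"%{query}%")
+        )
         results_data = c.fetchall()
         return [
             {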
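Review bot: The parameterized `c.execute(` call closes the injection, but `%` and `_` inside `query` are still interpreted by LIKE as wildcards, so a search for `%` matches every row and `_` matches any single character; if the intent is a literal substring match, escape those characters before wrapping the pattern and declare the escape character in the SQL, as sketched below. The `?` placeholders presume `get_db()` returns a DB-API connection with the qmark paramstyle (sqlite3, for instance) — worth confirming, since the connection helper is outside the hunk. `search_artworks` begins before and continues after this hunk, so the `except`/`finally` that pairs with `try:` and the cursor/connection cleanup are not visible here.
```python
    try:
        # Escape LIKE metacharacters so a user-supplied '%' or '_' matches literally.
        pattern = "%" + query.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"
        c.execute(
            "SELECT * FROM artworks WHERE title LIKE ? ESCAPE '\\' OR data LIKE ? ESCAPE '\\'",
            (pattern, pattern),
        )
        # … unchanged: fetchall and result mapping …
```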