| author | altaf-creator <dev@altafcreator.com> | 2025-12-03 19:13:52 +0700 |
|---|---|---|
| committer | altaf-creator <dev@altafcreator.com> | 2025-12-03 19:13:52 +0700 |
| commit | 9ba2e75857bfa6285493576038ae9602b0816d34 (patch) | |
| tree | 040aaf94a1175107be618f722351bfdcb01b2d2f /backend/main.py | |
| parent | b95f0c64f774306b917c73657a023cdbc5e9831e (diff) | |
More secure: preventing SQL injections
Diffstat (limited to 'backend/main.py')
| -rw-r--r-- | backend/main.py | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/backend/main.py b/backend/main.py
index aaab7a1..e3dbc87 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -187,7 +187,7 @@ def restart_terminated_schedules():
 def reminder_timer_finished(timer_id):
 print("timer almost finished", timer_id)
- cursor.execute(f"SELECT * FROM timers WHERE timer_id = '{timer_id}'")
+ cursor.execute("SELECT * FROM timers WHERE timer_id = ?", timer_id)
 out = cursor.fetchall()
 scheduler.add_job(final_timer_finished, 'date', run_date=out[0][RowIndices.END_TIME], id=str(timer_id), args=[timer_id])
@@ -206,7 +206,7 @@ def reminder_timer_finished(timer_id):
 def final_timer_finished(timer_id):
 print("timer finished!1", timer_id)
- cursor.execute(f"SELECT * FROM timers WHERE timer_id = '{timer_id}'")
+ cursor.execute("SELECT * FROM timers WHERE timer_id = ?", timer_id)
 out = cursor.fetchall()
 notification = Notification(app_id=ONESIGNAL_APP_ID,
@@ -287,12 +287,11 @@ def start_new_timer(data: RequestData, response: fastapi.Response, session_key:
 try:
 print("session key valid", session_key)
 end_date = now + datetime.timedelta(minutes=(data.duration * 30))
- cursor.execute(f"""
+ cursor.execute("""
 INSERT INTO timers (user_id, start_time, end_time, block, machine, status, subscription_id)
- VALUES ('{session_key}', '{now.isoformat()}', '{end_date.isoformat()}', {block}, {machine}, 'RUNNING', '{data.onesignal_subscription_id}')
- """)
+ VALUES (?, ?, ?, ?, ?, ?, ?)""", (session_key, now.isoformat(), end_date.isoformat(), block, machine, 'RUNNING', data.onesignal_subscription_id,))
 conn.commit()
- cursor.execute("SELECT * FROM timers;")
+ cursor.execute(f"SELECT * FROM timers WHERE end_time = '{end_date.isoformat()}';")
 out = cursor.fetchall()
 for row in out:
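Review bot: The parameter on the new `cursor.execute("SELECT * FROM timers WHERE timer_id = ?", timer_id)` line is passed bare instead of as a sequence, which DB-API drivers require for `?` placeholders; if the driver is sqlite3 (the qmark style suggests it), an int argument is rejected as an unsupported parameter type and a multi-character str is unpacked into one binding per character, so the query raises instead of running. Wrap it: `cursor.execute("SELECT * FROM timers WHERE timer_id = ?", (timer_id,))`. The same bare-argument form is used in the final_timer_finished hunk and in the check_status hunk (`session_key`, a cookie value, would hit the per-character unpacking); the INSERT in start_new_timer already passes a tuple and is the pattern to follow. reminder_timer_finished's body continues past the end of the hunk.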
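Review bot: The replacement `cursor.execute(f"SELECT * FROM timers WHERE end_time = '{end_date.isoformat()}';")` in start_new_timer is the one query in this commit still assembled by string interpolation, directly under a commit that is about removing that pattern; the value is a computed ISO timestamp rather than request text, so it is not injectable as written, but it keeps the unsafe idiom alive for the next edit. It also selects every timer sharing that end_time rather than the row just inserted, so a concurrently created timer for another user with the same end_time would be returned. Suggest `cursor.execute("SELECT * FROM timers WHERE user_id = ? AND end_time = ?", (session_key, end_date.isoformat()))`, or use the cursor's last inserted row id if the driver provides it. start_new_timer continues past the end of the hunk.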
@@ -333,7 +332,7 @@ def check_status(response: fastapi.Response, session_key: Annotated[str | None,
 print("no session key, creating.")
 session_key = create_session(response)
- cursor.execute(f"SELECT * FROM timers WHERE user_id = '{session_key}'")
+ cursor.execute("SELECT * FROM timers WHERE user_id = ?", session_key)
 out = cursor.fetchall()
 for row in out: |
