# HG changeset patch
# User Björn Ricks
# Date 1393852950 -3600
# Node ID f581752317fd9e6db32915fffdf36325731d6160
# Parent c97a4b6a688740bb69edeef159d27b19db80ce87
Correctly escape sql query
diff -r c97a4b6a6887 -r f581752317fd getan/backend.py
--- a/getan/backend.py Mon Mar 03 11:38:23 2014 +0100
+++ b/getan/backend.py Mon Mar 03 14:22:30 2014 +0100
@@ -64,7 +64,7 @@
 FROM entries WHERE
- project_id = %i
+ project_id = :project_id
 ORDER BY id DESC
@@ -160,7 +160,8 @@
 cur = None
 try: cur = self.con.cursor()
- cur.execute(LOAD_PROJECT_ENTRIES % project_id)
+ cur.execute(LOAD_PROJECT_ENTRIES,
+ {"project_id": project_id})
 entries = []
 while True:
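Review bot: LOAD_PROJECT_ENTRIES has no comment saying that its new `:project_id` placeholder must be bound through `cursor.execute()` with a parameter mapping, which is parameter binding rather than the escaping the commit title mentions. A one-line comment above the constant would record that contract, for example `# :project_id is bound by cursor.execute(); never build this query with % or str.format`. Only this query constant is visible here, so it is worth confirming that no other statement in getan/backend.py still carries a `%` placeholder. The constant's definition starts outside the hunk.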
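Review bot: The value bound at the new `cur.execute(...)` call is no longer type-checked. The old `%i` formatting raised TypeError for a non-numeric `project_id`, whereas the binding passes whatever the caller supplies, and a mismatched value would presumably just match no rows. If callers can pass anything other than an int, coercing at the call keeps the earlier failure mode: `{"project_id": int(project_id)})`. This presumes the driver accepts named-style parameters, as sqlite3 does; the import is not visible here. The enclosing method starts before the hunk and continues past it.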