changeset 350:f581752317fd

Correctly escape sql query
author Björn Ricks <bjoern.ricks@intevation.de>
date Mon, 03 Mar 2014 14:22:30 +0100
parents c97a4b6a6887
children b5dc92631561
files getan/backend.py
diffstat 1 files changed, 3 insertions(+), 2 deletions(-) [+]
--- a/getan/backend.py	Mon Mar 03 11:38:23 2014 +0100
+++ b/getan/backend.py	Mon Mar 03 14:22:30 2014 +0100
@@ -64,7 +64,7 @@
 FROM
     entries
 WHERE
-    project_id = %i
+    project_id = :project_id
 ORDER BY
     id
 DESC
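Review bot: The `:project_id` placeholder in `LOAD_PROJECT_ENTRIES` is only safe if every caller passes the value as a bound parameter, and nothing on the constant says so. I would add a comment above it such as `# :project_id is a bound named parameter; pass a mapping to cursor.execute(), never %-format this string`. The named `:name` style depends on the DB-API driver (sqlite3 accepts it); the driver is not visible in this hunk, so that is worth confirming. The statement's opening lines are outside the hunk.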
@@ -160,7 +160,8 @@
         cur = None
         try:
             cur = self.con.cursor()
-            cur.execute(LOAD_PROJECT_ENTRIES % project_id)
+            cur.execute(LOAD_PROJECT_ENTRIES,
+                        {"project_id": project_id})
 
             entries = []
             while True:
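Review bot: The old `LOAD_PROJECT_ENTRIES % project_id` call raised `TypeError` for any non-numeric `project_id` because of `%i`, and the bound-parameter call no longer does, so the value's type is now unchecked at this point. If `project_id` can arrive from outside the backend, an explicit `project_id = int(project_id)` before `cur.execute(...)` keeps the earlier fail-fast behaviour while still using binding. The other `execute` calls in `getan/backend.py` are not visible here; any that still build SQL with `%` should be converted in the same way. The enclosing method starts and ends outside the hunk.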