Mercurial > getan
changeset 350:f581752317fd
Correctly escape sql query
author | Björn Ricks <bjoern.ricks@intevation.de> |
---|---|
date | Mon, 03 Mar 2014 14:22:30 +0100 |
parents | c97a4b6a6887 |
children | b5dc92631561 |
files | getan/backend.py |
diffstat | 1 files changed, 3 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/getan/backend.py Mon Mar 03 11:38:23 2014 +0100 +++ b/getan/backend.py Mon Mar 03 14:22:30 2014 +0100 @@ -64,7 +64,7 @@ FROM entries WHERE - project_id = %i + project_id = :project_id ORDER BY id DESC @@ -160,7 +160,8 @@ cur = None try: cur = self.con.cursor() - cur.execute(LOAD_PROJECT_ENTRIES % project_id) + cur.execute(LOAD_PROJECT_ENTRIES, + {"project_id": project_id}) entries = [] while True: