fix sql injections
Sandra Thieme committed Nov 3, 2013
1 parent 05bdd0e commit 9d8adbc
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions mod_fun/__init__.py
Expand Up @@ -71,7 +71,7 @@ def klauen(self, params, name, words):
self.parent.privmsg(u'hast du nicht was vergessen?', params.channel)

def aendern(self, name, amount, item):
keks = self.DBcursor.execute(u"SELECT nickname, count from kekse WHERE nickname like '%s' AND item =='%s' LIMIT 1" % (name, item)).fetchall()
keks = self.DBcursor.execute(u"SELECT nickname, count from kekse WHERE nickname like ? AND item ==? LIMIT 1", (name, item)).fetchall()
if(len(keks)>0 and len(keks[0]) > 1):
keks = keks[0][1]
if amount == 0:
Expand Down Expand Up @@ -106,7 +106,7 @@ def lesen(self, params, name, words):
anrede=u"%s hat" % params.args[0]
self.parent.privmsg(u"%s %i %s." % (anrede, keks, words['plural']), params.channel)
elif len(params.args) == 0:
keks = self.DBcursor.execute(u"SELECT `nickname`, `count` from kekse WHERE item=='%s' AND `count`>=1 ORDER BY `count` DESC LIMIT 10" % (name)).fetchall()
keks = self.DBcursor.execute(u"SELECT `nickname`, `count` from kekse WHERE item==? AND `count`>=1 ORDER BY `count` DESC LIMIT 10", (name)).fetchall()
if len(keks) <= 0:
self.parent.privmsg(u"Es gibt noch keine %s?" % words['plural'], params.channel)
return
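Review bot: In the `lesen` hunk the parameter argument `(name)` is not a tuple — the parentheses only group the expression, so the cursor receives the bare string; assuming `DBcursor` is a sqlite3 cursor, as the `?` placeholders suggest, a str is treated as a sequence of characters and any nickname longer than one character raises `ProgrammingError: Incorrect number of bindings supplied` (the `aendern` hunk's `(name, item)` is already a real tuple). The one-token fix is the trailing comma: `..., (name,)).fetchall()`. Separately, `aendern` keeps `nickname like ?`, so parameterisation stops injection but `%` and `_` in the bound value still act as wildcards; if an exact nickname match is intended, `nickname = ?` says so. This assumes the `?` forms are the new side, as the commit title indicates; `aendern` continues past its hunk, and `lesen` both begins before and continues after its hunk.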
