Skip to content
This repository has been archived by the owner on Jun 29, 2019. It is now read-only.

Commit

Permalink
Fixing SQL injection vulnerability
Browse files Browse the repository at this point in the history
  • Loading branch information
@micheljung @Sheeo
micheljung authored and Sheeo committed Oct 26, 2015
1 parent 2db4c52 commit 0881cbc
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion api/achievements.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -304,7 +304,7 @@ def achievements_list_player(player_id):
UNIX_TIMESTAMP(create_time) as create_time,
UNIX_TIMESTAMP(update_time) as update_time
FROM player_achievements
WHERE player_id = '%s'""" % player_id)
WHERE player_id = %s""", player_id)

return flask.jsonify(items=cursor.fetchall())

Expand Down

0 comments on commit 0881cbc

Please sign in to comment.