Fixed sql injection
Fumon committed Jan 25, 2015
1 parent 5de98cd commit a1f1754
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions metrics-ui/server/srv.go
@@ -55,8 +55,8 @@ func main() {

var output string
// This is bad... don't do this.... omg
query := fmt.Sprintf(`SELECT json_agg(r) FROM (select EXTRACT(epoch FROM day) as day, end_of_day_total from trello.dailytallies order by day DESC limit %s) r;`, vars["num"])
err := db.QueryRow(query).Scan(&output)
query := `SELECT json_agg(r) FROM (select EXTRACT(epoch FROM day) as day, end_of_day_total from trello.dailytallies order by day DESC limit $1) r;`
err := db.QueryRow(query, vars["num"]).Scan(&output)

if err != nil {
log.Println("Error retriving from DB, ", err)
@@ -76,8 +76,8 @@ func main() {

var output string
// This is bad... don't do this.... omg
query := fmt.Sprintf(`SELECT json_agg(r) FROM (select EXTRACT(epoch FROM day) as day, up_count, down_count, finished_count from trello.dailytallies order by day DESC limit %s) r;`, vars["num"])
err := db.QueryRow(query).Scan(&output)
query := `SELECT json_agg(r) FROM (select EXTRACT(epoch FROM day) as day, up_count, down_count, finished_count from trello.dailytallies order by day DESC limit $1) r;`
err := db.QueryRow(query, vars["num"]).Scan(&output)

if err != nil {
log.Println("Error retriving from DB, ", err)
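Review bot: `vars["num"]` still reaches the database unvalidated in both hunks: the `$1` placeholder keeps it out of the SQL text, but nothing bounds the value, so a caller can ask for an arbitrarily large `limit`, and a non-numeric or negative value presumably only shows up as a database error in the log. Parse and clamp it before the query, e.g. `n, convErr := strconv.Atoi(vars["num"])`, reject `convErr != nil || n < 1 || n > maxRows` (`maxRows` is a placeholder for a cap the project chooses) as a client error, and pass `n` to `db.QueryRow` instead of the raw string. The context line `// This is bad... don't do this.... omg` now sits above a parameterized query in both hunks and should be dropped or reworded so it does not mislead the next reader. Both handlers start and end outside the hunks, so the import block and the way errors are returned to the client are not visible here.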