sanitize update
achamely committed Sep 14, 2018
1 parent 150b58d commit 21135b6
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 2 additions & 1 deletion api/offers.py
Expand Up @@ -128,7 +128,8 @@ def getsell(txdbserialnum):
return ROWS[0]

def genQs(prefix, tbl_abbr, field, array):
qs = '(' + tbl_abbr + '.' + field + '=\'' + array[0] + '\' ' # table abbrev "." fieldname = address
addr = re.sub(r'\W+', '', array[0]) #check alphanumeric
qs = '(' + tbl_abbr + '.' + field + '=\'' + addr + '\' ' # table abbrev "." fieldname = address
for entry in array[1:]:
entry = re.sub(r'\W+', '', entry) #check alphanumeric
qs += prefix + ' ' + tbl_abbr + '.' + field + '=\'' + entry +'\' ' # "and/or" table abbrev "." fieldname = next address
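Review bot: The address values in genQs are still concatenated into the SQL text, and `re.sub(r'\W+', '', array[0])` only strips characters, so a malformed address is silently rewritten into a different lookup key instead of being rejected (on Python 3 `\W` is also Unicode-aware, so non-ASCII letters and digits pass the filter). dbSelect accepts a parameter list, as the api/search_service.py change in this same commit shows, so emitting `tbl_abbr + '.' + field + '=%s'` per entry and handing the values back to the caller as parameters would remove the dependency on the filter; that changes what genQs returns, so its callers would need updating. If the string building stays, validate and reject instead of stripping, e.g. `if not re.match(r'[A-Za-z0-9]+\Z', entry): raise ValueError('invalid address')`. `array[0]` also assumes a non-empty list of strings, which nothing visible here checks. The body of genQs continues outside the hunk.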
2 changes: 1 addition & 1 deletion api/search_service.py
Expand Up @@ -28,7 +28,7 @@ def search():
if len(query) < 3:
return jsonify({ 'status': 400, 'data': 'Search query to short.' })

ROWS=dbSelect("select * from transactions t, txjson txj where t.txhash ~* \'" + str(query) + "\' and t.txdbserialnum=txj.txdbserialnum")
ROWS=dbSelect("select * from transactions t, txjson txj where t.txhash ~* %s and t.txdbserialnum=txj.txdbserialnum",[str(query)])

response = []
if len(ROWS) > 0:
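Review bot: Binding the value with `%s` closes the injection, but the `~*` operator on the changed line still interprets the user-supplied `query` as a PostgreSQL regular expression, so metacharacters change what matches, a malformed pattern surfaces as a database error, and a costly pattern is evaluated against every joined row. The only check visible before the call is `len(query) < 3`. If txhash holds hex strings (inferred from the column name, not shown here), validating first with `re.match(r'[0-9A-Fa-f]+\Z', query)` and matching with `t.txhash ILIKE %s` bound to `'%' + query + '%'` keeps the case-insensitive substring search without regex semantics. search() starts and continues outside the hunk.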
