Prevent sql injection, refresh db.
viakondratiuk committed Mar 22, 2015
1 parent e349697 commit 62a6e24
Showing 2 changed files with 2 additions and 3 deletions.
Binary file modified machine.db
5 changes: 2 additions & 3 deletions machine.py
Expand Up @@ -151,8 +151,7 @@ def is_card_pin_at_session(request):
return 'card' in request.session and request.session['card']['valid_pin'] is True

def get_card(request, cc_number):
q = "select * from cards where cc_number = '%s'" % cc_number.replace('-', '')
row = request.db.execute(q).fetchone()
row = request.db.execute("select * from cards where cc_number = ?", (cc_number.replace('-', ''),)).fetchone()
if row is not None:
return dict(
id = row[0],
Expand All @@ -172,7 +171,7 @@ def update_failed_attempts(request, failed_attempts):

def block_card(request):
card = request.session['card']
request.db.execute("update cards set status = 'blocked' where id = %s" % card['id'])
request.db.execute("update cards set status = 'blocked' where id = ?", (card['id'],))
request.db.commit()

def save_balance_check(request):
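Review bot: get_card still reads the `select *` row positionally (`id = row[0]` and the lines that follow), so the dict it builds silently shifts if the cards table gains or reorders a column; naming the columns in the select would pin that mapping, and a docstring such as `"""Return the card row for *cc_number* (hyphens stripped) as a dict, or None if no such card exists."""` would record the contract the new line implements. The parameterized query on the new line is the right replacement for the removed string-formatted one; `cc_number.replace('-', '')` still raises AttributeError when cc_number is None, which callers presumably guard elsewhere — cannot be confirmed from this hunk. The same string-formatting pattern may survive in update_failed_attempts and save_balance_check, whose bodies lie outside both hunks, so it is worth confirming they were converted in the same commit. get_card's body continues past the first hunk.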
