Diffstat (limited to 'ustayml/views/auth.py')
| -rw-r--r-- | ustayml/views/auth.py | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ustayml/views/auth.py b/ustayml/views/auth.py
index 92710a1..9a4eced 100644
--- a/ustayml/views/auth.py
+++ b/ustayml/views/auth.py
@@ -26,11 +26,11 @@ def register():
 if error is None:
 try:
- # NOTE: don't use f-string here. Use `?` placeholders so that
+ # NOTE: don't use f-string here. Use placeholders so that
 # database library can escape the fields
 # (otherwise SQL injection vulnerability)
 db.execute(
- "INSERT INTO user (username, password) VALUES (?, ?)",
+ "INSERT INTO \"user\" (username, password) VALUES (%s, %s)",
 (username, generate_password_hash(password))
 )
 db.commit()
@@ -52,7 +52,7 @@ def login():
 db = get_db()
 error = None
 user = db.execute(
- 'SELECT * FROM user WHERE username = ?', (username,)
+ 'SELECT * FROM \"user\" WHERE username = %s', (username,)
 ).fetchone()
 if user is None:
@@ -79,7 +79,7 @@ def load_logged_in_user():
 g.user = None
 else:
 g.user = get_db().execute(
- 'SELECT * FROM user WHERE id = ?', (user_id,)
+ 'SELECT * FROM "user" WHERE id = %s', (user_id,)
 ).fetchone()
|
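Review bot: The reworded NOTE in register() no longer names the placeholder style, and `%s` is easy to mistake for Python's own `%` string formatting, which would reintroduce the injection risk the comment warns about. I would word it as `# NOTE: don't use an f-string or the % operator here. Pass the values as the` / `# second argument to execute() so the database library binds them`. The `except` clause of this `try` lies outside the hunk. If get_db() now returns a PostgreSQL connection without autocommit (the `%s` style and the quoted `"user"` suggest so, but the page does not show it), a failed INSERT leaves the transaction aborted, so the handler should call `db.rollback()` before the connection is reused.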
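Review bot: The new query string in login() escapes the double quotes (`\"user\"`) inside a single-quoted literal, where no escape is needed, and this differs from the same table reference in load_logged_in_user(). Both spellings produce the same SQL, so this is style only; `'SELECT * FROM "user" WHERE username = %s', (username,)` reads more cleanly and matches the third hunk. The function body continues outside the hunk.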
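Review bot: The rewritten query in load_logged_in_user() still uses `SELECT *`, so the stored password hash is loaded into `g.user` on every request, although nothing in the hunk uses it. Naming the columns keeps the hash out of request-scoped state that templates or logging may touch: `'SELECT id, username FROM "user" WHERE id = %s', (user_id,)`. The column names are taken from the queries on this page; callers outside the hunk may read other fields of `g.user`, so the list should be checked against them.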
