aresolution for security fix

BIPLAVGHOSAL · BIPLAVGHOSAL · commit b2b6a7af6344 · 2025-05-03T11:53:26.000+01:00
diff --git a/server/routes.py b/server/routes.py
@@ -13,13 +13,13 @@ def index():
 
     if name:
         cursor.execute(
-            "SELECT * FROM books WHERE name LIKE '%" + name + "%'"
+            "SELECT * FROM books WHERE name LIKE %s", name
         )
         books = [Book(*row) for row in cursor]
 
     elif author:
         cursor.execute(
-            "SELECT * FROM books WHERE author LIKE '%" + author + "%'"
+            "SELECT * FROM books WHERE author LIKE %s", author
         )
         books = [Book(*row) for row in cursor]
 

Original file line number	Diff line number	Diff line change
`@@ -13,13 +13,13 @@ def index():`
`13`	`13`
`14`	`14`	`if name:`
`15`	`15`	`cursor.execute(`
`16`		`- "SELECT * FROM books WHERE name LIKE '%" + name + "%'"`
	`16`	`+ "SELECT * FROM books WHERE name LIKE %s", name`
`17`	`17`	`)`
`18`	`18`	`books = [Book(*row) for row in cursor]`
`19`	`19`
`20`	`20`	`elif author:`
`21`	`21`	`cursor.execute(`
`22`		`- "SELECT * FROM books WHERE author LIKE '%" + author + "%'"`
	`22`	`+ "SELECT * FROM books WHERE author LIKE %s", author`
`23`	`23`	`)`
`24`	`24`	`books = [Book(*row) for row in cursor]`
`25`	`25`