string escaping(?)

Author: tslashd

sql.py

@@ -38,7 +38,7 @@ def insertQuery(query):
     )
 
     mycursor = mydb.cursor()
-    mycursor.execute(query)
+    mycursor.execute("", (query))
 
     mydb.commit()
 

surftimer/ck_playerrank.py

@@ -127,6 +127,7 @@ async def updatePlayerRankPoints(
         data.steamid32,
         data.style,
     )
+
     xquery = insertQuery(sql)
 
     content_data = {"updated": xquery, "xtime": time.perf_counter() - tic}

surftimer/queries.py

@@ -61,7 +61,7 @@
 ## ck_playerrank
 sql_createPlayerRank = "CREATE TABLE IF NOT EXISTS `ck_playerrank` (`steamid` varchar(32) NOT NULL DEFAULT '', `steamid64` varchar(64) DEFAULT NULL, `name` varchar(64) DEFAULT NULL, `country` varchar(32) DEFAULT NULL, `countryCode` varchar(3) DEFAULT NULL, `continentCode` varchar(3) DEFAULT NULL, `points` int(12) DEFAULT '0', `wrpoints` int(12) NOT NULL DEFAULT '0', `wrbpoints` int(12) NOT NULL DEFAULT '0', `wrcppoints` int(11) NOT NULL DEFAULT '0', `top10points` int(12) NOT NULL DEFAULT '0', `groupspoints` int(12) NOT NULL DEFAULT '0', `mappoints` int(11) NOT NULL DEFAULT '0', `bonuspoints` int(12) NOT NULL DEFAULT '0', `finishedmaps` int(12) DEFAULT '0', `finishedmapspro` int(12) DEFAULT '0', `finishedbonuses` int(12) NOT NULL DEFAULT '0', `finishedstages` int(12) NOT NULL DEFAULT '0', `wrs` int(12) NOT NULL DEFAULT '0', `wrbs` int(12) NOT NULL DEFAULT '0', `wrcps` int(12) NOT NULL DEFAULT '0', `top10s` int(12) NOT NULL DEFAULT '0', `groups` int(12) NOT NULL DEFAULT '0', `lastseen` int(64) DEFAULT NULL, `joined` int(64) NOT NULL, `timealive` int(64) NOT NULL DEFAULT '0', `timespec` int(64) NOT NULL DEFAULT '0', `connections` int(64) NOT NULL DEFAULT '1', `readchangelog` int(11) NOT NULL DEFAULT '0', `style` int(11) NOT NULL DEFAULT '0', PRIMARY KEY (`steamid`, `style`)) DEFAULT CHARSET=utf8mb4;"
 sql_insertPlayerRank = "INSERT INTO ck_playerrank (steamid, steamid64, name, country, countryCode, continentCode, joined, style) VALUES('{}', '{}', '{}', '{}', '{}', '{}', {}, {})"
-sql_updatePlayerRankPoints = "UPDATE ck_playerrank SET name ='{}', points ={}, wrpoints = {}, wrbpoints = {}, wrcppoints = {}, top10points = {}, groupspoints = {}, mappoints = {}, bonuspoints = {}, finishedmapspro={}, finishedbonuses = {}, finishedstages = {}, wrs = {}, wrbs = {}, wrcps = {}, top10s = {}, `groups` = {} where steamid='{}' AND style = {};"
+sql_updatePlayerRankPoints = "UPDATE ck_playerrank SET `name` ='{}', points ={}, wrpoints = {}, wrbpoints = {}, wrcppoints = {}, top10points = {}, groupspoints = {}, mappoints = {}, bonuspoints = {}, finishedmapspro={}, finishedbonuses = {}, finishedstages = {}, wrs = {}, wrbs = {}, wrcps = {}, top10s = {}, `groups` = {} where steamid='{}' AND style = {};"
 sql_updatePlayerRankPoints2 = "UPDATE ck_playerrank SET name ='{}', points ={}, wrpoints = {}, wrbpoints = {}, wrcppoints = {}, top10points = {}, groupspoints = {}, mappoints = {}, bonuspoints = {}, finishedmapspro={}, finishedbonuses = {}, finishedstages = {}, wrs = {}, wrbs = {}, wrcps = {}, top10s = {}, `groups` = {}, country = '{}', countryCode = '{}', continentCode = '{}' where steamid='{}' AND style = {};"
 sql_updatePlayerRank = "UPDATE ck_playerrank SET finishedmaps ='{}', finishedmapspro='{}' where steamid='{}' AND style = '{}';"
 sql_selectPlayerName = "SELECT name FROM ck_playerrank where steamid = '{}'"