added escape

2024-03-06 21:38:53 +01:00 · 2024-03-06 21:38:53 +01:00 · 04fd8a20c2
parent ff0c91e3e8
commit 04fd8a20c2
1 changed files with 13 additions and 13 deletions
--- a/Website/db.py
+++ b/Website/db.py
@ -14,44 +14,44 @@ def log(statement, user_id, before, after, change):
 def add_user(after):
    db = get_db()
    c = db.cursor()
-    c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", [escape(after)])
+    c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", [after])
    user_id = c.lastrowid
-    log("add_user", user_id=escape(user_id), after=escape(after))
+    log("add_user", user_id=user_id, after=after)
    db.commit()

 def remove_user(user_id):
    db = get_db()
    c = db.cursor()
-    c.execute("SELECT * FROM users WHERE id = ?", [escape(user_id)])
+    c.execute("SELECT * FROM users WHERE id = ?", [user_id])
    user_name = c.fetchone()[1]
-    c.execute("SELECT * FROM tags WHERE userid = ?", [escape(user_id)])
+    c.execute("SELECT * FROM tags WHERE userid = ?", [user_id])
    for tag in c.fetchall():
        remove_tag(tag[0])
-    c.execute("DELETE FROM users WHERE id = ?", [escape(user_id)])
-    log("remove_user", user_id=escape(user_id), before=escape(user_name))
+    c.execute("DELETE FROM users WHERE id = ?", [user_id])
+    log("remove_user", user_id=user_id, before=user_name)
    db.commit()

 def add_tag(user_id, tag_id):
    db = get_db()
    c = db.cursor()
-    c.execute("INSERT OR IGNORE INTO tags (tagid, userid) VALUES ?, ?)", [escape(tag_id), escape(user_id)])
+    c.execute("INSERT OR IGNORE INTO tags (tagid, userid) VALUES ?, ?)", [tag_id, user_id])
    db.commit()
-    log("addtag", after=escape(tag_id), user_id=escape(user_id))
+    log("addtag", after=tag_id, user_id=user_id)

 def remove_tag(tag_id):
    db = get_db()
    c = db.cursor()
-    c.execute("SELECT * FROM tags WHERE tagid = ?", [escape(tag_id)])
+    c.execute("SELECT * FROM tags WHERE tagid = ?", [tag_id])
    user_id = c.fetchone()[1]
-    c.execute("DELETE FROM tags WHERE tagid = ?", [escape(tag_id)])
-    log("removetag", before=escape(tag_id), user_id=escape(user_id))
+    c.execute("DELETE FROM tags WHERE tagid = ?", [tag_id])
+    log("removetag", before=tag_id, user_id=user_id)
    db.commit()

 def change_balance(user_id, change):
    db = get_db()
    c = db.cursor()
-    c.execute("UPDATE users SET balance = balance + ? WHERE id=?", [escape(change), escape(user_id)])
-    log("balance", user_id=escape(user_id), change=escape(change))
+    c.execute("UPDATE users SET balance = balance + ? WHERE id=?", [change, user_id])
+    log("balance", user_id=user_id, change=change)
    db.commit()

 def get_db():