fixed sql injektion

main.py

@@ -128,7 +128,7 @@ def confirm_remove_user():
 @app.route("/removeuser", methods=['GET'])
 def remove_user():
     user_id = request.args.get("id")
-    c.execute(f"SELECT * FROM users WHERE id='{user_id}'")
+    c.execute(f"SELECT * FROM users WHERE id=?", [user_id])
     users = c.fetchall()
     if users != []:
         user_name = users[0][1]
@@ -275,7 +275,7 @@ def get_id():
     global finished
     global message
     tag_id = request.args.get("id")
-    c.execute(f"SELECT * FROM tags WHERE tagid ='{tag_id}'")
+    c.execute(f"SELECT * FROM tags WHERE tagid =?", [tag_id])
 
     tag_list = c.fetchall()
     if users.qsize() > 0: