Patched /tmp/tmpksa429lb/index.py

Author: patched.codes[bot]

index.py

@@ -7,12 +7,10 @@
 }
 
 def get_data_by_config_value(value):
-    # This might look suspicious due to string concatenation with values from CONFIG.
-    query = "SELECT * FROM " + CONFIG["default_table"] + " WHERE " + CONFIG["default_column"] + " = '" + value + "'"
-
     connection = sqlite3.connect("database.db")
     cursor = connection.cursor()
-    cursor.execute(query)
+    query = "SELECT * FROM {} WHERE {} = ?".format(CONFIG["default_table"], CONFIG["default_column"])
+    cursor.execute(query, (value,))
     result = cursor.fetchall()
     connection.close()