File tree Expand file tree Collapse file tree 1 file changed +15
-1
lines changed Expand file tree Collapse file tree 1 file changed +15
-1
lines changed Original file line number Diff line number Diff line change 88
99def get_data_by_config_value (value ):
1010 # This might look suspicious due to string concatenation with values from CONFIG.
11- query = "SELECT * FROM " + CONFIG ["default_table" ] + " WHERE " + CONFIG ["default_column" ] + " = '" + value + "'"
11+ """Retrieves data from a database based on a specified configuration value.
12+
13+ Args:
14+ value (str): The value to match in the database query.
15+
16+ Returns:
17+ list: A list of tuples containing the query results.
18+
19+ Raises:
20+ sqlite3.Error: If there is an issue with the database connection or query execution.
21+
22+ Note:
23+ This method uses string concatenation to build the SQL query, which may be vulnerable
24+ to SQL injection attacks. It is recommended to use parameterized queries instead.
25+ """ query = "SELECT * FROM " + CONFIG ["default_table" ] + " WHERE " + CONFIG ["default_column" ] + " = '" + value + "'"
1226
1327 connection = sqlite3 .connect ("database.db" )
1428 cursor = connection .cursor ()
You can’t perform that action at this time.
0 commit comments