From 7536af17cf2c76e45ff6b937bc22d79cfdb6aac6 Mon Sep 17 00:00:00 2001
From: Jonas Leder <jonas@jonasled.de>
Date: Tue, 22 Mar 2022 13:29:13 +0100
Subject: [PATCH] fix sql injection possible
---
app/redirectShortenURL.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/redirectShortenURL.py b/app/redirectShortenURL.py
index b6050b7..dd37c83 100644
--- a/app/redirectShortenURL.py
+++ b/app/redirectShortenURL.py
@@ -22,7 +22,7 @@ def redirect_shorten_url(request, short_url):
calls = row[0] + 1
cursor.execute('UPDATE ANALYTICS SET CALLS = ? WHERE SHORT_URL=?', (str(calls), host + "/" + short_url.lower()))
else:
- cursor.execute('INSERT INTO ANALYTICS (SHORT_URL) VALUES ("' + host + "/" + short_url.lower() + "\")")
+ cursor.execute('INSERT INTO ANALYTICS (SHORT_URL) VALUES (?)', [host + "/" + short_url.lower()])
return redirect(url) #I use temp redirect here, because the owner of a link can delete it. If then the link is reused, the user will maybe redirected to the wrong page
else:
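Review bot: The new INSERT on the `else` branch binds its value with a list while the UPDATE two lines above it uses a tuple, and both rebuild `host + "/" + short_url.lower()` inline. Computing the key once, `analytics_key = host + "/" + short_url.lower()`, and passing `(analytics_key,)` to both statements keeps them in step and makes it harder for a later edit to reintroduce concatenation in one of them. The query that fills `row` and `url` sits above the hunk and cannot be checked here; it presumably takes the same `host` and `short_url` inputs, so it should be confirmed to use `?` placeholders as well. A regression test that requests a short URL containing a double quote and asserts the ANALYTICS row stores it literally would pin the fix. `redirect_shorten_url` starts before the hunk and continues after it.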
--
GitLab