authorEmile <hanemile@protonmail.com>2019-10-26 16:38:25 +0200
committerEmile <hanemile@protonmail.com>2019-10-26 16:38:25 +0200
commit954751d37f66562f3d92bb67d6652220fb0a59d5 (patch)
treef41e757de2aac560ea87e262d83a6eb6d0793744
parentad6637c23687f8d668029e16225c07b50085e095 (diff)
prepared statements in dbEditChallengeUUID
-rw-r--r--src/db.go6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/db.go b/src/db.go
index 050ea05..2d9a876 100644
--- a/src/db.go
+++ b/src/db.go
@@ -112,9 +112,11 @@ func dbNewChallenge(challenge Challenge) (string, error) {
 
 // editChallengeUUID edited the challenge with the given uuid using the values in the updatedChallenge
 func dbEditChallengeUUID(uuid string, updatedChallenge Challenge) error {
-	query := fmt.Sprintf("UPDATE challenges SET name = '%s', description = '%s', flag = '%s', container = '%s', category = '%s', points = %d, static = %t WHERE uuid::text = '%s'", updatedChallenge.Name, updatedChallenge.Description, updatedChallenge.Flag, updatedChallenge.Container, updatedChallenge.Category, updatedChallenge.Points, updatedChallenge.Static, updatedChallenge.UUID)
 
-	_, err := db.Exec(query)
+	query := fmt.Sprintf("UPDATE challenges SET name = '$1', description = '$2', flag = '$3', container = '$4', category = '$5', points = $6, static = $7 WHERE uuid::text = '$8'")
+
+	err := db.QueryRow(query, updatedChallenge.Name, updatedChallenge.Description, updatedChallenge.Flag, updatedChallenge.Container, updatedChallenge.Category, updatedChallenge.Points, updatedChallenge.Static, updatedChallenge.UUID)
+
 	if err != nil {
 		return err
 	}
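Review bot: The placeholders on the added `query` line are wrapped in single quotes (`'$1'` … `'$8'`), and PostgreSQL treats a quoted `$1` as literal text rather than a bind parameter, so only `$6` and `$7` are real parameters and the eight arguments passed no longer match the statement. Write them unquoted and drop the argument-less `fmt.Sprintf`: `query := "UPDATE challenges SET name = $1, description = $2, flag = $3, container = $4, category = $5, points = $6, static = $7 WHERE uuid::text = $8"`. Assuming `db` is a `*sql.DB` (its declaration is outside the hunk), `db.QueryRow` returns a `*sql.Row` and not an `error`, so the `if err != nil` check that follows no longer tests for failure; an UPDATE that returns no rows should keep `_, err := db.Exec(query, updatedChallenge.Name, updatedChallenge.Description, updatedChallenge.Flag, updatedChallenge.Container, updatedChallenge.Category, updatedChallenge.Points, updatedChallenge.Static, updatedChallenge.UUID)`. The `uuid` argument is not used in the visible lines (the WHERE clause binds `updatedChallenge.UUID`), which is worth confirming against the callers; the function body continues past the end of the hunk.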