authorEmile <hanemile@protonmail.com>2019-10-26 16:40:19 +0200
committerEmile <hanemile@protonmail.com>2019-10-26 16:40:19 +0200
commit122aad446156d85fa0a41b056a8c87ed60cb8696 (patch)
tree83c14c1788aefbbf68a78cd1676e2d707dbdf6bd /src
parent954751d37f66562f3d92bb67d6652220fb0a59d5 (diff)
prepared statements in dbGetChallengeByUUID and dbDeleteChallengeByUUID
Diffstat (limited to 'src')
-rw-r--r--src/db.go11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/db.go b/src/db.go
index 2d9a876..94e317c 100644
--- a/src/db.go
+++ b/src/db.go
@@ -127,12 +127,12 @@ func dbEditChallengeUUID(uuid string, updatedChallenge Challenge) error {
 // dbGetChallengeByUUID returns the challenge with the given UUID from the database
 func dbGetChallengeByUUID(uuid string) (Challenge, error) {
 	// build the query to be executed
-	query := fmt.Sprintf("SELECT uuid, name, description, flag, container, category, points, static FROM challenges WHERE uuid::text= '%s'", uuid)
+	query := fmt.Sprintf("SELECT uuid, name, description, flag, container, category, points, static FROM challenges WHERE uuid::text= '$1'")
 
 	challenge := Challenge{}
 
 	// execute the query storing the values in the challenge struct defined above
-	err := db.QueryRow(query).Scan(&challenge.UUID, &challenge.Name, &challenge.Description, &challenge.Flag, &challenge.Container, &challenge.Category, &challenge.Points, &challenge.Static)
+	err := db.QueryRow(query, uuid).Scan(&challenge.UUID, &challenge.Name, &challenge.Description, &challenge.Flag, &challenge.Container, &challenge.Category, &challenge.Points, &challenge.Static)
 
 	if err != nil {
 		return Challenge{}, err
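Review bot: The `$1` in the new query is wrapped in single quotes, so the database reads it as the string literal '$1' rather than a bind parameter; the lookup will either match no row or be rejected for a parameter-count mismatch, depending on the driver. Drop the quotes and the now argument-less `fmt.Sprintf`, so the statement ends in `WHERE uuid::text = $1` and is assigned as a plain string constant. The `db.QueryRow(query, uuid)` call on the new side is then correct as written. The `$1` placeholder form assumes a PostgreSQL driver, which the `::text` cast suggests but the hunk does not show. dbGetChallengeByUUID's body continues past the end of this hunk.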
@@ -141,9 +141,12 @@ func dbGetChallengeByUUID(uuid string) (Challenge, error) {
 }
 
 func dbDeleteChallengeByUUID(uuid string) error {
-	query := fmt.Sprintf("DELETE FROM challenges WHERE uuid::text = '%s'", uuid)
+	query := fmt.Sprintf("DELETE FROM challenges WHERE uuid::text = '%s'")
 
-	_, _ = db.Exec(query)
+	err = db.QueryRow(query, uuid)
+	if err != nil {
+		return err
+	}
 
 	return nil
 }
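Review bot: The new body of dbDeleteChallengeByUUID will not build and still binds no parameter: `err` is assigned with `=` without being declared, `db.QueryRow` returns a row rather than an error (assuming `db` is a `*sql.DB`), and the query keeps `'%s'` while `fmt.Sprintf` no longer receives an argument, so the text sent would contain `%!s(MISSING)`. A DELETE returns no rows, so `Exec` with an unquoted placeholder fits: `query := "DELETE FROM challenges WHERE uuid::text = $1"` followed by `_, err := db.Exec(query, uuid)`. Returning the error instead of discarding it, as the old `_, _ = db.Exec(query)` did, is worth keeping; if callers need to tell an unknown UUID from a successful delete, the result's `RowsAffected()` could be checked. A doc comment such as `// dbDeleteChallengeByUUID deletes the challenge with the given UUID from the database` would match the one on dbGetChallengeByUUID.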