-rw-r--r--src/db.go11
1 files changed, 7 insertions, 4 deletions
diff --git a/src/db.go b/src/db.go
index 2d9a876..94e317c 100644
--- a/src/db.go
+++ b/src/db.go
@@ -127,12 +127,12 @@ func dbEditChallengeUUID(uuid string, updatedChallenge Challenge) error {
 // dbGetChallengeByUUID returns the challenge with the given UUID from the database
 func dbGetChallengeByUUID(uuid string) (Challenge, error) {
 	// build the query to be executed
-	query := fmt.Sprintf("SELECT uuid, name, description, flag, container, category, points, static FROM challenges WHERE uuid::text= '%s'", uuid)
+	query := fmt.Sprintf("SELECT uuid, name, description, flag, container, category, points, static FROM challenges WHERE uuid::text= '$1'")
 
 	challenge := Challenge{}
 
 	// execute the query storing the values in the challenge struct defined above
-	err := db.QueryRow(query).Scan(&challenge.UUID, &challenge.Name, &challenge.Description, &challenge.Flag, &challenge.Container, &challenge.Category, &challenge.Points, &challenge.Static)
+	err := db.QueryRow(query, uuid).Scan(&challenge.UUID, &challenge.Name, &challenge.Description, &challenge.Flag, &challenge.Container, &challenge.Category, &challenge.Points, &challenge.Static)
 
 	if err != nil {
 		return Challenge{}, err
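Review bot: The placeholder in the new query is wrapped in single quotes (`'$1'`), so PostgreSQL reads it as the literal string "$1" rather than as a bind parameter. The lookup will then either match no row or the driver will reject the extra argument passed to `QueryRow`. Write the predicate as `WHERE uuid::text = $1` without quotes. Since nothing is formatted any more, drop `fmt.Sprintf` and assign the string constant to `query` directly. The function body continues past the end of this hunk.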
@@ -141,9 +141,12 @@ func dbGetChallengeByUUID(uuid string) (Challenge, error) {
 }
 
 func dbDeleteChallengeByUUID(uuid string) error {
-	query := fmt.Sprintf("DELETE FROM challenges WHERE uuid::text = '%s'", uuid)
+	query := fmt.Sprintf("DELETE FROM challenges WHERE uuid::text = '%s'")
 
-	_, _ = db.Exec(query)
+	err = db.QueryRow(query, uuid)
+	if err != nil {
+		return err
+	}
 
 	return nil
 }
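Review bot: The DELETE statement still contains `'%s'` while `fmt.Sprintf` no longer receives an argument, so the text sent to the database holds `%!s(MISSING)` and no bind parameter, and the row is never deleted. The next line will not compile either if `db` is a `*sql.DB`: `err` is assigned with `=` without being declared, and `QueryRow` returns a `*sql.Row`, not an error. Use `_, err := db.Exec("DELETE FROM challenges WHERE uuid::text = $1", uuid)` and keep the `if err != nil` return that follows. A doc comment such as `// dbDeleteChallengeByUUID deletes the challenge with the given UUID from the database` would match the neighbouring function.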