From 122aad446156d85fa0a41b056a8c87ed60cb8696 Mon Sep 17 00:00:00 2001
From: Emile
Date: Sat, 26 Oct 2019 16:40:19 +0200
Subject: prepared statements in dbGetChallengeByUUID and dbDeleteChallengeByUUID
---
 src/db.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/src/db.go b/src/db.go
index 2d9a876..94e317c 100644
--- a/src/db.go
+++ b/src/db.go
@@ -127,12 +127,12 @@ func dbEditChallengeUUID(uuid string, updatedChallenge Challenge) error {
 // dbGetChallengeByUUID returns the challenge with the given UUID from the database
 func dbGetChallengeByUUID(uuid string) (Challenge, error) {
 // build the query to be executed
- query := fmt.Sprintf("SELECT uuid, name, description, flag, container, category, points, static FROM challenges WHERE uuid::text= '%s'", uuid)
+ query := fmt.Sprintf("SELECT uuid, name, description, flag, container, category, points, static FROM challenges WHERE uuid::text= '$1'")
 challenge := Challenge{}
 // execute the query storing the values in the challenge struct defined above
- err := db.QueryRow(query).Scan(&challenge.UUID, &challenge.Name, &challenge.Description, &challenge.Flag, &challenge.Container, &challenge.Category, &challenge.Points, &challenge.Static)
+ err := db.QueryRow(query, uuid).Scan(&challenge.UUID, &challenge.Name, &challenge.Description, &challenge.Flag, &challenge.Container, &challenge.Category, &challenge.Points, &challenge.Static)
 if err != nil {
 return Challenge{}, err
@@ -141,9 +141,12 @@ func dbGetChallengeByUUID(uuid string) (Challenge, error) {
 }
 func dbDeleteChallengeByUUID(uuid string) error {
- query := fmt.Sprintf("DELETE FROM challenges WHERE uuid::text = '%s'", uuid)
+ query := fmt.Sprintf("DELETE FROM challenges WHERE uuid::text = '%s'")
- _, _ = db.Exec(query)
+ err = db.QueryRow(query, uuid)
+ if err != nil {
+ return err
+ }
 return nil
 }
-- 
cgit 1.4.1
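Review bot: The placeholder on the new `query` line of dbGetChallengeByUUID sits inside single quotes, so the database reads `'$1'` as a literal string rather than a bind parameter, and `db.QueryRow(query, uuid)` then supplies an argument the statement has no slot for. Depending on the driver (not visible here) the call either errors every time or compares against the text `$1`, so the requested UUID is never matched. Drop the quotes and the now-pointless `fmt.Sprintf`, ending the statement with `WHERE uuid::text = $1` in a plain string literal. The function's closing lines fall outside this hunk.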
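Review bot: The new body of dbDeleteChallengeByUUID looks like it will not build: `err` is assigned with `=` but no declaration is visible, and, assuming `db` is a `database/sql` handle as the `QueryRow(...).Scan` call in the previous hunk suggests, `QueryRow` returns a `*sql.Row` rather than an `error`. The query string also still contains `'%s'` while `fmt.Sprintf` now receives no argument, so it renders as `%!s(MISSING)` and the UUID is never bound. Use `Exec` with an unquoted placeholder and check its error: `query := "DELETE FROM challenges WHERE uuid::text = $1"` followed by `_, err := db.Exec(query, uuid)`. A test that passes a UUID containing a quote character and confirms it is treated as data would pin the injection fix this commit is aiming for.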