From 954751d37f66562f3d92bb67d6652220fb0a59d5 Mon Sep 17 00:00:00 2001 From: Emile Date: Sat, 26 Oct 2019 16:38:25 +0200 Subject: prepared statements in dbEditChallengeUUID --- src/db.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/db.go b/src/db.go index 050ea05..2d9a876 100644 --- a/src/db.go +++ b/src/db.go @@ -112,9 +112,11 @@ func dbNewChallenge(challenge Challenge) (string, error) { // editChallengeUUID edited the challenge with the given uuid using the values in the updatedChallenge func dbEditChallengeUUID(uuid string, updatedChallenge Challenge) error { - query := fmt.Sprintf("UPDATE challenges SET name = '%s', description = '%s', flag = '%s', container = '%s', category = '%s', points = %d, static = %t WHERE uuid::text = '%s'", updatedChallenge.Name, updatedChallenge.Description, updatedChallenge.Flag, updatedChallenge.Container, updatedChallenge.Category, updatedChallenge.Points, updatedChallenge.Static, updatedChallenge.UUID) - _, err := db.Exec(query) + query := fmt.Sprintf("UPDATE challenges SET name = '$1', description = '$2', flag = '$3', container = '$4', category = '$5', points = $6, static = $7 WHERE uuid::text = '$8'") + + err := db.QueryRow(query, updatedChallenge.Name, updatedChallenge.Description, updatedChallenge.Flag, updatedChallenge.Container, updatedChallenge.Category, updatedChallenge.Points, updatedChallenge.Static, updatedChallenge.UUID) + if err != nil { return err } -- cgit 1.4.1
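Review bot: The placeholders in the new `query` string are still wrapped in single quotes (`name = '$1'` through `uuid::text = '$8'`), so PostgreSQL reads them as string literals rather than bind parameters. Only `$6` and `$7` are real parameters, so the eight arguments passed will likely be rejected or the columns set to the literal text. Drop the quotes and the now-redundant `fmt.Sprintf`: `query := "UPDATE challenges SET name = $1, description = $2, flag = $3, container = $4, category = $5, points = $6, static = $7 WHERE uuid::text = $8"`. Assuming `db` is a `*sql.DB`, `QueryRow` returns a `*sql.Row` rather than an `error`, so the `if err != nil` check after it does not test for failure; an UPDATE should stay on `_, err := db.Exec(query, ...)` with the same eight arguments. The body of `dbEditChallengeUUID` continues past the end of the hunk.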