diff options
| author | Artem Tarasov | 2015-06-22 00:30:50 +0300 |
|---|---|---|
| committer | Artem Tarasov | 2015-06-22 00:30:50 +0300 |
| commit | a41f9323ea5b86be6d2139a927586630b222af68 (patch) | |
| tree | f31141b5cf52a4e566f932223b646f065fadd5e3 | |
| parent | 719b41035d721cdd5f4e0faced88534af2619980 (diff) | |
| download | genenetwork2-a41f9323ea5b86be6d2139a927586630b222af68.tar.gz | |
escape docs query
| -rwxr-xr-x | wqflask/wqflask/docs.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/wqflask/wqflask/docs.py b/wqflask/wqflask/docs.py index 07b0b81a..a8363a1f 100755 --- a/wqflask/wqflask/docs.py +++ b/wqflask/wqflask/docs.py @@ -8,9 +8,9 @@ class Docs(object): sql = """ SELECT Docs.title, Docs.content FROM Docs - WHERE Docs.entry LIKE '%s' + WHERE Docs.entry LIKE %s """ - result = g.db.execute(sql % (entry)).fetchone() + result = g.db.execute(sql, str(entry)).fetchone() self.entry = entry self.title = result[0] self.content = result[1] |