Replace "escape_string" with safe-query parameters

Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
author: Munyoki Kilyungi 2023-09-04 21:49:55 +0300
committer: BonfaceKilz 2023-09-05 14:57:51 +0300
commit: 92cf784b1afae088122ef8af556d6df6d66de5f9 (patch)
tree: b848451414c27a1230700612ecc3bcfc03320a0d
parent: ea3030f90e23cfbbde4c5a19a18f81af4712535c (diff)
download: genenetwork3-92cf784b1afae088122ef8af556d6df6d66de5f9.tar.gz
2 files changed, 7 insertions, 6 deletions
diff --git a/gn3/db/species.py b/gn3/db/species.py
index 743e797..e43ec14 100644
--- a/gn3/db/species.py
+++ b/gn3/db/species.py
@@ -3,7 +3,6 @@ groups. Particularly useful when generating the menu
 
 """
 from typing import Any, Optional, Tuple
-from MySQLdb import escape_string
 
 
 def get_all_species(conn: Any) -> Optional[Tuple]:
@@ -23,15 +22,15 @@ def get_chromosome(name: str, is_species: bool, conn: Any) -> Optional[Tuple]:
             "Length FROM Chr_Length, Species WHERE "
             "Chr_Length.SpeciesId = Species.SpeciesId AND "
             "Species.Name = "
-            f"'{escape_string(name).decode('UTF-8')}' ORDER BY OrderId")
+            "%(name)s ORDER BY OrderId")
     if not is_species:
         _sql = ("SELECT Chr_Length.Name, Chr_Length.OrderId, "
                 "Length FROM Chr_Length, InbredSet WHERE "
                 "Chr_Length.SpeciesId = InbredSet.SpeciesId AND "
                 "InbredSet.Name = "
-                f"'{escape_string(name).decode('UTF-8')}' ORDER BY OrderId")
+                "%(name)s ORDER BY OrderId")
     with conn.cursor() as cursor:
-        cursor.execute(_sql)
+        cursor.execute(_sql, {'name': name})
         return cursor.fetchall()
 
 def translate_to_mouse_gene_id(species: str, geneid: int, conn: Any) -> int:
diff --git a/tests/unit/db/test_species.py b/tests/unit/db/test_species.py
index 073931e..ee9658f 100644
--- a/tests/unit/db/test_species.py
+++ b/tests/unit/db/test_species.py
@@ -24,7 +24,8 @@ class TestChromosomes(TestCase):
                 "SELECT Chr_Length.Name, Chr_Length.OrderId, "
                 "Length FROM Chr_Length, Species WHERE "
                 "Chr_Length.SpeciesId = Species.SpeciesId AND "
-                "Species.Name = 'TestCase' ORDER BY OrderId"
+                "Species.Name = %(name)s ORDER BY OrderId",
+                {'name': 'TestCase'}
             )
 
     @pytest.mark.unit_test
@@ -40,7 +41,8 @@ class TestChromosomes(TestCase):
                 "SELECT Chr_Length.Name, Chr_Length.OrderId, "
                 "Length FROM Chr_Length, InbredSet WHERE "
                 "Chr_Length.SpeciesId = InbredSet.SpeciesId AND "
-                "InbredSet.Name = 'TestCase' ORDER BY OrderId"
+                "InbredSet.Name = %(name)s ORDER BY OrderId",
+                {'name': 'TestCase'}
             )
 
     @pytest.mark.unit_test
author	Munyoki Kilyungi	2023-09-04 21:49:55 +0300
committer	BonfaceKilz	2023-09-05 14:57:51 +0300
commit	92cf784b1afae088122ef8af556d6df6d66de5f9 (patch)
tree	b848451414c27a1230700612ecc3bcfc03320a0d
parent	ea3030f90e23cfbbde4c5a19a18f81af4712535c (diff)
download	genenetwork3-92cf784b1afae088122ef8af556d6df6d66de5f9.tar.gz