author | BonfaceKilz | 2021-06-03 21:45:25 +0300 |
---|---|---|
committer | BonfaceKilz | 2021-06-03 21:58:31 +0300 |
commit | bef67489908e28c170e28cde637627c17a0d1db7 (patch) | |
tree | 1c1c6e321edda9aa1c8a8fcb8fe605f397182d35 /gn3 | |
parent | 9a07a39e943a406152b10eda984d5949223cef47 (diff) | |
download | genenetwork3-bef67489908e28c170e28cde637627c17a0d1db7.tar.gz |
Use prepared statements for FETCH sql function
Diffstat (limited to 'gn3')
-rw-r--r-- | gn3/db/__init__.py | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/gn3/db/__init__.py b/gn3/db/__init__.py
index d62b575..fea43ec 100644
--- a/gn3/db/__init__.py
+++ b/gn3/db/__init__.py
@@ -66,14 +66,14 @@ def fetchone(conn: Any,
 """Run a SELECT on a table. Returns only one result!"""
 if not any(astuple(where)):
 return None
+ where_ = {k: v for k, v in asdict(where).items()
+ if v is not None and k in TABLEMAP[table]}
 sql = f"SELECT * FROM {table} "
 sql += "WHERE "
 sql += " AND ".join(f"{TABLEMAP[table].get(k)} = "
- f"'{escape_string(str(v)).decode('utf-8')}'" for
- k, v in asdict(where).items()
- if v is not None and k in TABLEMAP[table])
+ "%s" for k in where_.keys())
 with conn.cursor() as cursor:
- cursor.execute(sql)
+ cursor.execute(sql, tuple(where_.values()))
 return DATACLASSMAP[table](*cursor.fetchone()) |
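Review bot: `where_` can still be empty after the `is not None` / `k in TABLEMAP[table]` filter even though the `any(astuple(where))` guard passed (a truthy value on a field that has no column mapping for this `table`), and the new `cursor.execute(sql, tuple(where_.values()))` then sends `SELECT * FROM {table} WHERE ` with no predicate and no parameters, which fails at the server instead of returning `None`; add `if not where_: return None` directly after the comprehension. Only the values are bound as parameters now; the table and column names are still interpolated into the statement, which is safe only because both are taken from `TABLEMAP[table]` rather than from the caller, so a comment such as `# table/column names come from TABLEMAP; only values are bound as parameters` would keep a later refactor from widening that. The values are also no longer passed through `str(v)` before reaching the driver, so non-string field types may be encoded differently than before; worth confirming against the dataclasses in DATACLASSMAP. `where_.keys()` can simply be `where_` in the join. The `fetchone` signature starts before the hunk.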