authorMunyoki Kilyungi2023-09-04 21:49:55 +0300
committerBonfaceKilz2023-09-05 14:57:51 +0300
commit92cf784b1afae088122ef8af556d6df6d66de5f9 (patch)
treeb848451414c27a1230700612ecc3bcfc03320a0d /gn3
parentea3030f90e23cfbbde4c5a19a18f81af4712535c (diff)
Replace "escape_string" with safe-query parameters
Signed-off-by: Munyoki Kilyungi <me@bonfacemunyoki.com>
Diffstat (limited to 'gn3')
-rw-r--r--gn3/db/species.py7
1 files changed, 3 insertions, 4 deletions
diff --git a/gn3/db/species.py b/gn3/db/species.py
index 743e797..e43ec14 100644
--- a/gn3/db/species.py
+++ b/gn3/db/species.py
@@ -3,7 +3,6 @@ groups. Particularly useful when generating the menu
"""
from typing import Any, Optional, Tuple
-from MySQLdb import escape_string
def get_all_species(conn: Any) -> Optional[Tuple]:
@@ -23,15 +22,15 @@ def get_chromosome(name: str, is_species: bool, conn: Any) -> Optional[Tuple]:
"Length FROM Chr_Length, Species WHERE "
"Chr_Length.SpeciesId = Species.SpeciesId AND "
"Species.Name = "
- f"'{escape_string(name).decode('UTF-8')}' ORDER BY OrderId")
+ "%(name)s ORDER BY OrderId")
if not is_species:
_sql = ("SELECT Chr_Length.Name, Chr_Length.OrderId, "
"Length FROM Chr_Length, InbredSet WHERE "
"Chr_Length.SpeciesId = InbredSet.SpeciesId AND "
"InbredSet.Name = "
- f"'{escape_string(name).decode('UTF-8')}' ORDER BY OrderId")
+ "%(name)s ORDER BY OrderId")
with conn.cursor() as cursor:
- cursor.execute(_sql)
+ cursor.execute(_sql, {'name': name})
return cursor.fetchall()
def translate_to_mouse_gene_id(species: str, geneid: int, conn: Any) -> int:
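Review bot: The `%(name)s` markers in both `_sql` literals are pyformat placeholders that the driver fills in at `cursor.execute(_sql, {'name': name})`, and nothing in the hunk tells a later maintainer so; a short comment above the execute call would help, e.g. `# name is bound by the driver; keep %(name)s unquoted and never format it into _sql`. Because `conn` is annotated `Any`, the new code also quietly assumes a driver with the pyformat paramstyle (MySQLdb accepts it), which is worth stating in the docstring. The diffstat shown is limited to `gn3`, so it is not visible here whether a test covers a `name` containing a quote character or whether existing mocks still expect the one-argument `execute` call; both are worth checking. The start of `get_chromosome` lies outside the hunk.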