Use parameters for sql queries

fastapi_server/models/chat_messages.py

@@ -25,9 +25,9 @@ async def table_exists(table_name: str) -> bool:
     conn = await create_connection()
     # pyre-fixme[11]
     data: Record = await conn.fetchrow(
-        f"""
-SELECT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name ILIKE '{table_name}');
-"""
+        """
+SELECT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name ILIKE $1);
+""", table_name
     )
     return data.get("exists")
 
@@ -53,6 +53,7 @@ async def chat_create_tables() -> None:
 async def get_all_messages() -> list[Record]:
     conn = await create_connection()
     async with conn.transaction():
+        # TODO Only get messages <24h old
         return await conn.fetch(
             f"""
 SELECT id, time_stamp, message_author, chat_message FROM {TABLE_NAME}
@@ -69,8 +70,8 @@ async def add_message(time_stamp: str, message_author: str, chat_message: str) -
         await conn.execute(
             f"""
 INSERT INTO {TABLE_NAME} (time_stamp, message_author, chat_message) 
-VALUES ('{time_stamp}', '{message_author}', '{chat_message}');
-"""
+VALUES ($1, $2, $3);
+""", time_stamp, message_author, chat_message
         )
         # Assume increasing ids
         row: Record = await conn.fetchrow(

fastapi_server/models/todo_item.py

@@ -26,9 +26,9 @@ async def table_exists(table_name: str) -> bool:
     conn = await create_connection()
     # pyre-fixme[11]
     data: Record = await conn.fetchrow(
-        f"""
-SELECT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name ILIKE '{table_name}');
-"""
+        """
+SELECT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name ILIKE $1);
+""", table_name
     )
     return data.get("exists")
 
@@ -62,8 +62,8 @@ async def add_todo(todotext: str) -> Record:
     conn = await create_connection()
     async with conn.transaction():
         await conn.execute(f"""
-INSERT INTO {TABLE_NAME} (todotext, done) VALUES ('{todotext}', false);
-""")
+INSERT INTO {TABLE_NAME} (todotext, done) VALUES ($1, false);
+""", todotext)
         # Assume increasing ids
         row: Record = await conn.fetchrow(
             f"""
@@ -80,16 +80,16 @@ async def toggle_todo(todoid: int) -> None:
     conn = await create_connection()
     async with conn.transaction():
         await conn.execute(f"""
-UPDATE {TABLE_NAME} SET done = NOT done WHERE id = {todoid};
-""")
+UPDATE {TABLE_NAME} SET done = NOT done WHERE id = $1;
+""", todoid)
 
 
 async def delete_todo(todoid: int) -> None:
     conn = await create_connection()
     async with conn.transaction():
         await conn.execute(f"""
-DELETE FROM {TABLE_NAME} WHERE id = {todoid};
-""")
+DELETE FROM {TABLE_NAME} WHERE id = $1;
+""", todoid)
 
 
 async def main():

transcribe_website/transcriber_backend/src/models/transcribe_model.py

@@ -112,7 +112,7 @@ class TranscriptionJob(db.Entity):
 
     @classmethod
     def from_tuple(cls, job_tuple: tuple) -> TranscriptionJob:
-        entity_dict = {col_name: value for col_name, value in zip(cls._columns_, job_tuple)}  # pyre-ignore[16]
+        entity_dict = {col_name: value for col_name, value in zip(cls._columns_, job_tuple)}  # pyre-fixme[16]
         return TranscriptionJob(**entity_dict)
 
     @property