From 860659f39bcd715e98bb0dbbb7fc9d3694346c39 Mon Sep 17 00:00:00 2001
From: burny
Date: Thu, 21 Sep 2023 11:20:00 +0200
Subject: [PATCH] Use parameters for sql queries

---
 fastapi_server/models/chat_messages.py | 11 ++++++-----
 fastapi_server/models/todo_item.py | 18 +++++++++---------
 .../src/models/transcribe_model.py | 2 +-
 3 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/fastapi_server/models/chat_messages.py b/fastapi_server/models/chat_messages.py
index 53b9b85e..55a30674 100644
--- a/fastapi_server/models/chat_messages.py
+++ b/fastapi_server/models/chat_messages.py
@@ -25,9 +25,9 @@ async def table_exists(table_name: str) -> bool:
 conn = await create_connection()
 # pyre-fixme[11]
 data: Record = await conn.fetchrow(
- f"""
-SELECT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name ILIKE '{table_name}');
-"""
+ """
+SELECT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name ILIKE $1);
+""", table_name
 )
 return data.get("exists")
 
@@ -53,6 +53,7 @@ async def chat_create_tables() -> None:
 async def get_all_messages() -> list[Record]:
 conn = await create_connection()
 async with conn.transaction():
+ # TODO Only get messages <24h old
 return await conn.fetch(
 f"""
 SELECT id, time_stamp, message_author, chat_message FROM {TABLE_NAME}
@@ -69,8 +70,8 @@ async def add_message(time_stamp: str, message_author: str, chat_message: str) -
 await conn.execute(
 f"""
 INSERT INTO {TABLE_NAME} (time_stamp, message_author, chat_message)
-VALUES ('{time_stamp}', '{message_author}', '{chat_message}');
-"""
+VALUES ($1, $2, $3);
+""", time_stamp, message_author, chat_message
 )
 # Assume increasing ids
 row: Record = await conn.fetchrow(
diff --git a/fastapi_server/models/todo_item.py b/fastapi_server/models/todo_item.py
index f0db07b9..0890b782 100644
--- a/fastapi_server/models/todo_item.py
+++ b/fastapi_server/models/todo_item.py
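Review bot: Binding `$1` removes the injection, but the predicate `table_name ILIKE $1` still interprets `%` and `_` in the argument as wildcards and ignores case, so `table_exists("%")` is true whenever any table exists, and there is no `table_schema` filter, so a same-named table in another schema is a false positive. That is harmless if callers only ever pass the module's own constant, which this hunk cannot show, but the helper accepts any string. I would change the condition to `WHERE table_schema = current_schema() AND table_name = $1` (lower-casing the argument first if callers pass mixed case, since unquoted PostgreSQL identifiers are stored lower-cased). The `def table_exists` line is outside the hunk, on the `@@` header's function context only.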
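Review bot: The table name is still spliced in with an f-string on the `f"""` line while the values elsewhere moved to `$n` parameters; that is unavoidable (a `$n` parameter cannot name an identifier), but it is only safe while TABLE_NAME remains a module-level constant, which is not visible here. I would say so next to the new TODO so the pattern is not extended to caller-supplied names: `# TABLE_NAME is a module constant, never request data; identifiers cannot be bound as $n parameters`. The TODO itself could record the intended filter, e.g. `WHERE time_stamp > now() - interval '24 hours'`, though whether that works depends on the column type of time_stamp, which add_message receives as a str. get_all_messages continues past the end of the hunk.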
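Review bot: The INSERT is now parameterized, but the inserted row is still recovered by the separate `fetchrow` under `# Assume increasing ids`, so when two requests overlap the lookup can return another caller's message; `RETURNING` does it in one statement. I would replace the execute/fetchrow pair with `row: Record = await conn.fetchrow(f"""INSERT INTO {TABLE_NAME} (time_stamp, message_author, chat_message) VALUES ($1, $2, $3) RETURNING id, time_stamp, message_author, chat_message;""", time_stamp, message_author, chat_message)`, with the column list matched to whatever the trailing fetchrow selects. Note also that time_stamp is bound as a Python str: if the driver is asyncpg (the `$1` placeholders and `Record` suggest it) a str bound to a timestamp column raises a DataError instead of getting the implicit cast the old quoted literal did, so this should be checked against the CREATE TABLE in chat_create_tables. add_message starts before the hunk and its fetchrow continues after it.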
@@ -26,9 +26,9 @@ async def table_exists(table_name: str) -> bool:
 conn = await create_connection()
 # pyre-fixme[11]
 data: Record = await conn.fetchrow(
- f"""
-SELECT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name ILIKE '{table_name}');
-"""
+ """
+SELECT EXISTS (SELECT 1 FROM information_schema.tables WHERE table_name ILIKE $1);
+""", table_name
 )
 return data.get("exists")
 
@@ -62,8 +62,8 @@ async def add_todo(todotext: str) -> Record:
 conn = await create_connection()
 async with conn.transaction():
 await conn.execute(f"""
-INSERT INTO {TABLE_NAME} (todotext, done) VALUES ('{todotext}', false);
-""")
+INSERT INTO {TABLE_NAME} (todotext, done) VALUES ($1, false);
+""", todotext)
 # Assume increasing ids
 row: Record = await conn.fetchrow(
 f"""
@@ -80,16 +80,16 @@ async def toggle_todo(todoid: int) -> None:
 conn = await create_connection()
 async with conn.transaction():
 await conn.execute(f"""
-UPDATE {TABLE_NAME} SET done = NOT done WHERE id = {todoid};
-""")
+UPDATE {TABLE_NAME} SET done = NOT done WHERE id = $1;
+""", todoid)
 
 
 async def delete_todo(todoid: int) -> None:
 conn = await create_connection()
 async with conn.transaction():
 await conn.execute(f"""
-DELETE FROM {TABLE_NAME} WHERE id = {todoid};
-""")
+DELETE FROM {TABLE_NAME} WHERE id = $1;
+""", todoid)
 
 
 async def main():
diff --git a/transcribe_website/transcriber_backend/src/models/transcribe_model.py b/transcribe_website/transcriber_backend/src/models/transcribe_model.py
index f7807319..7a77a177 100644
--- a/transcribe_website/transcriber_backend/src/models/transcribe_model.py
+++ b/transcribe_website/transcriber_backend/src/models/transcribe_model.py
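Review bot: Same predicate problem as the copy in chat_messages.py: `ILIKE $1` keeps `%` and `_` as wildcards and ignores case, and nothing restricts `table_schema`, so the helper reports true for `table_exists("%")` or for a same-named table in another schema. I would use `WHERE table_schema = current_schema() AND table_name = $1`. Since this function body is identical to the one in chat_messages.py, hoisting it next to create_connection would keep the two fixes from drifting apart. The `def table_exists` line is outside the hunk.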
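Review bot: The insert is parameterized but the new row is still read back by a second query under `# Assume increasing ids`, which can hand back another request's todo when two inserts interleave; `RETURNING` makes it a single statement. I would fold the two into `row: Record = await conn.fetchrow(f"""INSERT INTO {TABLE_NAME} (todotext, done) VALUES ($1, false) RETURNING id, todotext, done;""", todotext)`, where the RETURNING column list is my guess from the INSERT and should be aligned with the columns the trailing fetchrow selects, which lie outside the hunk. add_todo continues after the hunk.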
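Review bot: toggle_todo and delete_todo both discard the result of `conn.execute`, so a request for an id that does not exist completes silently; with asyncpg (which the `$1` placeholders suggest) execute() returns the command tag, so the miss is detectable. I would capture it, `status = await conn.execute(...)`, and follow with `if status.endswith(" 0"): raise KeyError(todoid)` or whatever exception the API layer maps to a 404, so callers can tell a no-op from a success. Binding todoid as `$1` also means the driver now enforces the `int` annotation instead of formatting whatever it was given, which is a good side effect worth a short comment. `async def main():` is the hunk's last line and its body is outside it.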
@@ -112,7 +112,7 @@ class TranscriptionJob(db.Entity):
 @classmethod
 def from_tuple(cls, job_tuple: tuple) -> TranscriptionJob:
- entity_dict = {col_name: value for col_name, value in zip(cls._columns_, job_tuple)} # pyre-ignore[16]
+ entity_dict = {col_name: value for col_name, value in zip(cls._columns_, job_tuple)} # pyre-fixme[16]
 return TranscriptionJob(**entity_dict)
 @property