Open lukaqueres opened 2 years ago
Edit: There is an idea of function detecting SQL code passed as attribute, it coud display special message in such cases
Lemme help!
Well
This sucks but there is still error.
In functions.py
File "/app/discord_bot/cogs/message_check.py", line 314, in on_message database_record = get_database_data('servers_properties', 'message_check_feature', guild_id) File "/app/discord_bot/functions.py", line 34, in get_database_data cur.execute(psycopg2.errors.SyntaxError: syntax error at or near "'servers_properties'" LINE 1: SELECT 'message_check_feature' from 'servers_properties' WHE...
Because of huge security problem with SELECTs in code, featuring in-string variable passing please edit this, as fallows in article
https://www.psycopg.org/docs/usage.html#the-problem-with-the-query-parameters