Fixed problem with seen query using unescaped nicknames. Not sure

why this is necessary though (see issue #29). Removed import of datetime since it's no longer used (closes #26). All unit tests pass again.
gunnbr · Feb 26, 2017 · 88d6626 · 88d6626
1 parent 0bf68fd
commit 88d6626
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/DbAccess.py b/DbAccess.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python
 
-import time, sys, os, datetime, string
+import time, sys, os, string
 import MySQLdb
 
 class Seen:
@@ -104,7 +104,7 @@ def close(self):
 
     def seen(self, nick):
         nick = string.replace(nick,"*","%")
-        return self.executeAndFetchAll("SELECT * FROM seen WHERE name LIKE %s ORDER BY timestamp DESC LIMIT 3", nick)
+        return self.executeAndFetchAll("SELECT * FROM seen WHERE name LIKE %s ORDER BY timestamp DESC LIMIT 3", MySQLdb.escape_string(nick))
 
     def updateSeen(self, nick, channel, message):
         rows = self.executeAndFetchAll("SELECT id FROM seen WHERE name = %s", nick)