testing sql injection

bkrockx · Aug 23, 2022 · 2f082ad · 2f082ad
1 parent 8d7266d
commit 2f082ad
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/models/models.go b/models/models.go
@@ -35,7 +35,8 @@ func AllBooks() ([]Book, error) {
 // the query, you should be using a parameterized query.
 func NameQuery(r string) ([]Book, error) {
 	// Fix: rows, err := DB.Query("SELECT * FROM books WHERE name = ?", r)
-	rows, err := DB.Query(fmt.Sprintf("SELECT * FROM books WHERE name = '%s'", r))
+	query := fmt.Sprintf("SELECT * FROM books WHERE name = '%s'", r)
+	rows, err := DB.Query(query)
 	if err != nil {
 		return nil, err
 	}