From 2f082ad3c1fd8b0e730927fc140b84a1a0a3e34d Mon Sep 17 00:00:00 2001
From: bablu
Date: Tue, 23 Aug 2022 16:21:49 +0530
Subject: [PATCH] testing sql injection

---
 models/models.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/models/models.go b/models/models.go
index 9f525ae..845dcfb 100644
--- a/models/models.go
+++ b/models/models.go
@@ -35,7 +35,8 @@ func AllBooks() ([]Book, error) {
 // the query, you should be using a parameterized query.
 func NameQuery(r string) ([]Book, error) {
 // Fix: rows, err := DB.Query("SELECT * FROM books WHERE name = ?", r)
-rows, err := DB.Query(fmt.Sprintf("SELECT * FROM books WHERE name = '%s'", r))
+query := fmt.Sprintf("SELECT * FROM books WHERE name = '%s'", r)
+rows, err := DB.Query(query)
 if err != nil {
 return nil, err
 }
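Review bot: The new side still interpolates the caller-supplied `r` into the SQL text via `fmt.Sprintf` (`query := fmt.Sprintf("SELECT * FROM books WHERE name = '%s'", r)`), so hoisting the string into a local leaves the injection that the context comment ("you should be using a parameterized query") and the `// Fix:` line already describe. If this is meant to remain vulnerable as a test fixture, as the subject "testing sql injection" suggests, an explicit comment such as `// INTENTIONALLY VULNERABLE: SQL injection test case; do not copy.` would stop it being "fixed" or reused by accident; otherwise replace the two added lines with `rows, err := DB.Query("SELECT * FROM books WHERE name = ?", r)`, matching the `// Fix:` line. The `?` placeholder is driver-specific (PostgreSQL drivers expect `$1`), and the hunk does not show which driver `DB` uses. NameQuery's body continues past the hunk, so whether `rows` is closed on the success path is not visible here.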