Changed SQL INSERT so no injection is possible

bot/dbhelper.py

@@ -2,6 +2,12 @@ import sqlite3
 import requests
 import constants
 import helpers
+import logging
+
+# Enable logging
+logging.basicConfig(
+    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', level=logging.INFO
+)
 
 def setup_db():
     con = sqlite3.connect(constants.DB)
@@ -13,10 +19,12 @@ def setup_db():
     con.close()
 
 def add_product(tg_user, tg_group, tg_user_id, tg_group_id, url, referurl, title, price, image):
+    logging.info(f"Inserting into database: tg_user: '{tg_user}', tg_group: '{tg_group}', tg_user_id: {tg_user_id}, tg_group_id: {tg_group_id}, url: '{url}', referurl: '{referurl}', price: '{price}', title: '{title}', image: '{image}'")
     con = sqlite3.connect(constants.DB)
     cur = con.cursor()
+    params = (tg_user, tg_group, tg_user_id, tg_group_id, url, referurl, title, price, image)
     cur.execute(f"INSERT INTO amazon (tg_user, tg_group, tg_user_id, tg_group_id, url, referurl, price, title, image) \
-        VALUES ('{tg_user}', '{tg_group}', {tg_user_id}, {tg_group_id}, '{url}', '{referurl}', '{price}', '{title}', '{image}')")
+        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)", params)
     product_id = cur.lastrowid
     con.commit()
     con.close()

bot/parser.py

@@ -25,7 +25,11 @@ def get_price(soup):
         if "€" not in price:
             price = "N/A"
     except AttributeError:
-        price = "N/A"	
+        price = "N/A"
+    except Exception as e:
+        price = "N/A"
+        logging.price(f"Error getting price, using N/A: {e}")
+    logging.info(f"Price found: {price}")
 
     return price