Jocaru/amazon-telegram
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changed SQL INSERT so no injection is possible

Browse Source
This commit is contained in:
Joan
2023-09-02 22:00:59 +02:00
parent d3651352ee
commit 8071324adf
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bot/dbhelper.py
View File

@@ -2,6 +2,12 @@ import sqlite3
import requests
import constants
import helpers
import logging
# Enable logging
logging.basicConfig(
format='%(asctime)s - %(name)s - %(levelname)s - %(message)s', level=logging.INFO
)
def setup_db():
con = sqlite3.connect(constants.DB)
@@ -13,10 +19,12 @@ def setup_db():
con.close()
def add_product(tg_user, tg_group, tg_user_id, tg_group_id, url, referurl, title, price, image):
logging.info(f"Inserting into database: tg_user: '{tg_user}', tg_group: '{tg_group}', tg_user_id: {tg_user_id}, tg_group_id: {tg_group_id}, url: '{url}', referurl: '{referurl}', price: '{price}', title: '{title}', image: '{image}'")
con = sqlite3.connect(constants.DB)
cur = con.cursor()
params = (tg_user, tg_group, tg_user_id, tg_group_id, url, referurl, title, price, image)
cur.execute(f"INSERT INTO amazon (tg_user, tg_group, tg_user_id, tg_group_id, url, referurl, price, title, image) \
VALUES ('{tg_user}', '{tg_group}', {tg_user_id}, {tg_group_id}, '{url}', '{referurl}', '{price}', '{title}', '{image}')")
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)", params)
product_id = cur.lastrowid
con.commit()
con.close()

6
bot/parser.py
View File

@@ -25,7 +25,11 @@ def get_price(soup):
if "" not in price:
price = "N/A"
except AttributeError:
price = "N/A"
price = "N/A"
except Exception as e:
price = "N/A"
logging.price(f"Error getting price, using N/A: {e}")
logging.info(f"Price found: {price}")
return price