Merge pull request #23 from ukparliament/fix-sql-injection-warning

Remove SQL injection dangers
ukparliament · Nov 29, 2024 · b99da76 · b99da76
2 parents 467f7fb + 32fa42b
commit b99da76
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/lib/import/import_questions.rb b/lib/import/import_questions.rb
@@ -63,9 +63,9 @@ def import_questions
           # ... we check if there's an existing question with the same date tabled, uin and date_answer_corrected ...
           question = Question
             .all
-            .where( "date_tabled = '#{date_tabled.to_s}'" )
-            .where( "uin = '#{uin.to_s}'" )
-            .where( "date_answer_corrected = '#{date_answer_corrected.to_s}'" )
+            .where( "date_tabled = ?", date_tabled.to_s )
+            .where( "uin = ?", uin.to_s )
+            .where( "date_answer_corrected = ?", date_answer_corrected.to_s )
             .first
 
           # ... and we set the pertinent date to the date the answer was corrected.
@@ -77,8 +77,8 @@ def import_questions
           # ... we check if there's an existing question with the same date tabled and uin ...
           question = Question
             .all
-            .where( "date_tabled = '#{date_tabled.to_s}'" )
-            .where( "uin = '#{uin.to_s}'" )
+            .where( "date_tabled = ?", date_tabled.to_s )
+            .where( "uin = ?", uin.to_s )
             .first
 
           # ... and we set the pertinent date to the date the question was answered.
@@ -126,4 +126,4 @@ def import_questions
       end
     end
   end
-end
+end