From b95cceaac6fa6a19465f30a175dcf80851a5c98e Mon Sep 17 00:00:00 2001
From: Mathew Payne
Date: Thu, 7 Oct 2021 12:47:01 +0100
Subject: [PATCH] Fix security vulnerability
---
 server/routes.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/routes.py b/server/routes.py
index bab7594..193477e 100644
--- a/server/routes.py
+++ b/server/routes.py
@@ -13,13 +13,13 @@ def index():
 if name:
 cursor.execute(
- "SELECT * FROM books WHERE name LIKE '%" + name + "%'"
+ "SELECT * FROM books WHERE name LIKE :name", {'name': f"%{name}%"}
 )
 books = [Book(*row) for row in cursor]
 elif author:
 cursor.execute(
- "SELECT * FROM books WHERE author LIKE '%" + author + "%'"
+ "SELECT * FROM books WHERE author LIKE :author", {'author': f"%{author}%"}
 )
 books = [Book(*row) for row in cursor]