From 7ccf81df96966db15d9348211311624e6c298613 Mon Sep 17 00:00:00 2001
From: github-cloudlabsuser-128 <128723077+github-cloudlabsuser-128@users.noreply.github.com>
Date: Wed, 18 Dec 2024 19:46:03 +0000
Subject: [PATCH] Fix code scanning alert no. 3: SQL query built from user-controlled sources

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 app.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app.py b/app.py
index abef24f..d51ec3e 100644
--- a/app.py
+++ b/app.py
@@ -19,8 +19,8 @@ def init_db():
 def get_user():
     user_id = request.args.get('id')
     cursor = conn.cursor()
-    # Introducing SQL Injection vulnerability
-    cursor.execute(f"SELECT name FROM user WHERE id = {user_id}")
+    # Use parameterized query to prevent SQL Injection
+    cursor.execute("SELECT name FROM user WHERE id = ?", (user_id,))
     user = cursor.fetchone()
     if user:
         return f"User: {user[0]}"
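Review bot: The new `cursor.execute("SELECT name FROM user WHERE id = ?", (user_id,))` closes the injection, but it still binds the raw query-string value, which is `None` when `id` is absent and an arbitrary string otherwise, so a malformed id is quietly compared as text (or NULL) and matches nothing instead of being rejected. I would validate the type before the query, e.g. `user_id = request.args.get('id', type=int)` followed by `if user_id is None: return "Invalid id", 400` (assuming `request` is Flask/Werkzeug, where a failed conversion yields the default). The unchanged `return f"User: {user[0]}"` in the same hunk reflects the stored name straight into the response body; if this is a Flask view the bare string is served as text/html, so a name containing markup would be rendered by the browser — escape it or return a plain-text/JSON response. `get_user` continues past the end of the hunk, so the not-found branch and any cursor cleanup were not visible here.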