From 019a2e31320d7c7906857b68c665af7c2fe78199 Mon Sep 17 00:00:00 2001
From: "patched.codes[bot]" <298395+patched.codes[bot]@users.noreply.github.com>
Date: Tue, 23 Jan 2024 09:29:01 +0000
Subject: [PATCH] Patched!

---
 index.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/index.py b/index.py
index 83759b9..1f3721e 100644
--- a/index.py
+++ b/index.py
@@ -7,16 +7,16 @@
 }
 
 
 def get_data_by_config_value(value):
-    # This might look suspicious due to string concatenation with values from CONFIG.
-    query = "SELECT * FROM " + CONFIG["default_table"] + " WHERE " + CONFIG["default_column"] + " = '" + value + "'"
+    # Use a parameterized query to prevent SQL injection
+    query = f"SELECT * FROM {CONFIG['default_table']} WHERE {CONFIG['default_column']} = ?"
     connection = sqlite3.connect("database.db")
     cursor = connection.cursor()
-    cursor.execute(query)
+    cursor.execute(query, (value,))
     result = cursor.fetchall()
     connection.close()
     return result
 
 
 # Test
-print(get_data_by_config_value("admin"))
+print(get_data_by_config_value("admin"))
\ No newline at end of file
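Review bot: The new `query =` line still interpolates `CONFIG['default_table']` and `CONFIG['default_column']` into the SQL text, and the `?` placeholder binds only the value, so the statement is safe exactly to the extent that CONFIG itself is trusted. CONFIG is defined above the hunk, so where its values come from is not visible here; if they can ever be loaded from a file, environment or request, both names should be checked before the f-string is built, e.g. `for name in (CONFIG['default_table'], CONFIG['default_column']): if not name.isidentifier(): raise ValueError(f"unsafe SQL identifier: {name!r}")`, or compared against a fixed allowlist of known table and column names. Separately, `connection.close()` is skipped whenever `execute` or `fetchall` raises, because nothing in the function is under `try`/`finally`; `with contextlib.closing(sqlite3.connect("database.db")) as connection:` closes it on every path (note that a bare `with sqlite3.connect(...)` block only commits or rolls back and does not close). The whole of get_data_by_config_value is inside the hunk.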