From 7a3de49769ec7e044bf2a5f806c4be581bc0a61f Mon Sep 17 00:00:00 2001
From: Fabien Zucchet <fabien.zucchet@student-cs.fr>
Date: Tue, 2 Mar 2021 13:23:04 +0100
Subject: [PATCH] Try to fix SQL injections

---
 back/src/controllers/administrateur.controller.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/back/src/controllers/administrateur.controller.js b/back/src/controllers/administrateur.controller.js
index 18a99fd3..b8257179 100644
--- a/back/src/controllers/administrateur.controller.js
+++ b/back/src/controllers/administrateur.controller.js
@@ -30,11 +30,10 @@ function getAdministrateurs(req, res) {
 
 function addNewAdministrateur(req, res) {
   var con = mysql.createConnection(dbConfig);
-  var query = "INSERT INTO `Admin` (`login`) VALUES (??);";
+  var query = "INSERT INTO `Admin` (`login`) VALUES (?);";
   var inserts = [req.body.login];
-  var completeQuery = mysql.format(query, inserts);
   con.connect();
-  con.query(completeQuery, (err, result) => {
+  con.query(query, inserts, (err, result) => {
     if (err) {
       console.log(err)
       return res.send({ success: false })
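Review bot: `req.body.login` is placed in `inserts` without a type check, so the `?` placeholder in the new `con.query(query, inserts, ...)` call only gives the intended protection when the value is a string. If this is the `mysql` package (as `mysql.createConnection` and the removed `mysql.format` call suggest), its escaping treats non-string values differently: an object is expanded into `key = value` pairs, an array into a list, and `undefined` becomes `NULL`. A JSON body parser would let a client send any of these. I would add a guard before `con.connect()`, for example `if (typeof req.body.login !== 'string' || req.body.login === '') return res.send({ success: false });`, and consider setting `stringifyObjects: true` in `dbConfig`. The body of `addNewAdministrateur` continues past the end of the hunk, so whether the connection is closed on the error path cannot be checked from here.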
-- 
GitLab