From ed123013d29ea50bea0e52fe7df7b49c2216ec99 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Wed, 25 Mar 2026 09:21:57 +0000
Subject: [PATCH] fix: resolve CodeQL alert #14 - SQL query built from user-controlled sources

Co-Authored-By: cfried123
---
 vulnerable_sql_injection.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/vulnerable_sql_injection.py b/vulnerable_sql_injection.py
index 4fde29f..5bda174 100644
--- a/vulnerable_sql_injection.py
+++ b/vulnerable_sql_injection.py
@@ -11,8 +11,8 @@ def login():
 conn = sqlite3.connect('users.db')
 cursor = conn.cursor()
- query = "SELECT * FROM users WHERE username=? AND password=?"
- cursor.execute(query)
+ query = "SELECT * FROM users WHERE username=? AND password=?"
+ cursor.execute(query, (username, password))
 user = cursor.fetchone()
 conn.close()
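Review bot: The new query still matches the submitted password directly in SQL (`WHERE username=? AND password=?`), which only works if the `users` table stores the password in a form equal to what the client sends, presumably plaintext; the schema is not visible here, so confirm. Binding the parameters closes the injection path CodeQL flagged, but credential verification would be sounder if the row were looked up by username alone, e.g. `cursor.execute("SELECT * FROM users WHERE username=?", (username,))`, and the stored salted hash then checked in Python with a KDF such as `hashlib.scrypt` and compared using `hmac.compare_digest`. Separately, `conn.close()` is skipped if `execute` or `fetchone` raises; wrapping the connection in `contextlib.closing(...)` would release it on every path. `login()` starts before and continues after this hunk, so how `user` is used afterwards is not visible.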