From f6972f8e93719d985d98e13f2dae8e74ba683d75 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Thu, 26 Mar 2026 09:12:31 +0000
Subject: [PATCH] fix: resolve CodeQL alert #15 - SQL query built from user-controlled sources
---
 vulnerable_sql_injection.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vulnerable_sql_injection.py b/vulnerable_sql_injection.py
index 4fde29f..c2b57d4 100644
--- a/vulnerable_sql_injection.py
+++ b/vulnerable_sql_injection.py
@@ -29,8 +29,8 @@ def search():
 conn = sqlite3.connect('products.db')
 cursor = conn.cursor()
- query = f"SELECT * FROM products WHERE name LIKE '%{search_term}%'"
- cursor.execute(query)
+ query = "SELECT * FROM products WHERE name LIKE ?"
+ cursor.execute(query, (f"%{search_term}%",))
 results = cursor.fetchall()
 conn.close()
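Review bot: The parameterized `LIKE ?` closes the injection, but the added `(f"%{search_term}%",)` still passes `search_term` into the pattern unescaped, so a caller can supply `%` or `_` to match every row or probe the table with arbitrary wildcards (a wildcard-abuse / unbounded-scan issue rather than injection). I would escape the LIKE metacharacters and declare the escape character: `pattern = "%" + search_term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"`, `query = "SELECT * FROM products WHERE name LIKE ? ESCAPE '\\'"`, `cursor.execute(query, (pattern,))`. Whether `search_term` is validated or length-limited before this point cannot be seen here, since `search()` begins before the hunk and the assignment of `search_term` is outside it. Separately, the surrounding `conn.close()` is not in a `with`/`finally`, so an exception from `execute` leaks the connection; that is pre-existing context, but worth fixing while touching these lines.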