fix viewPerson query to be secure

2025-08-12 22:09:07 +02:00 · 2024-04-18 21:01:52 +02:00
parent 5e8cdecca7
commit 5d03c51097
1 changed files with 1 additions and 3 deletions
--- a/backend/handlers/viewPerson.go
+++ b/backend/handlers/viewPerson.go
@@ -2,7 +2,6 @@ package handlers

 import (
 	"context"
-	"fmt"
 	"log"
 	"net/http"
 	"time"
@@ -25,9 +24,8 @@ func ViewPerson(driver neo4j.DriverWithContext) gin.HandlerFunc {

 			return
 		}
-		query := fmt.Sprintf("MATCH (n:Person) WHERE n.ID = '%s' RETURN n;", id)

-		result, err := session.Run(ctx, query, nil)
+		result, err := session.Run(ctx, "MATCH (n:Person) WHERE n.ID = $person_id RETURN n;", map[string]any{"person_id": id})
 		if err != nil {
 			log.Println(err)
 			c.JSON(http.StatusInternalServerError, gin.H{"error": "internal server error"})