From 5d03c510978e7cb93a71015d0e78583e6dbc9821 Mon Sep 17 00:00:00 2001
From: Vargha Csongor
Date: Thu, 18 Apr 2024 21:01:52 +0200
Subject: [PATCH] fix viewPerson query to be secure
---
 backend/handlers/viewPerson.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/backend/handlers/viewPerson.go b/backend/handlers/viewPerson.go
index 3ca6d81..3550dbd 100644
--- a/backend/handlers/viewPerson.go
+++ b/backend/handlers/viewPerson.go
@@ -2,7 +2,6 @@ package handlers
 import (
 "context"
- "fmt"
 "log"
 "net/http"
 "time"
@@ -25,9 +24,8 @@ func ViewPerson(driver neo4j.DriverWithContext) gin.HandlerFunc {
 return
 }
- query := fmt.Sprintf("MATCH (n:Person) WHERE n.ID = '%s' RETURN n;", id)
- result, err := session.Run(ctx, query, nil)
+ result, err := session.Run(ctx, "MATCH (n:Person) WHERE n.ID = $person_id RETURN n;", map[string]any{"person_id": id})
 if err != nil {
 log.Println(err)
 c.JSON(http.StatusInternalServerError, gin.H{"error": "internal server error"})