From 4607e3ee38d0dd2854c7f865f4021ec2f4fc48e0 Mon Sep 17 00:00:00 2001
From: sanchegm
Date: Mon, 1 Jul 2024 20:39:23 -0700
Subject: [PATCH] SQL sanitization
---
 src/affiliation.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/affiliation.py b/src/affiliation.py
index 56134d1..8ab8304 100644
--- a/src/affiliation.py
+++ b/src/affiliation.py
@@ -67,10 +67,10 @@ def get_by_id(cls, id_) -> Optional['Affiliation']:
 con = sqlite3.connect(DB_FILE) # type: ignore
 cur = con.cursor()
 try:
- cur.execute(f"SELECT * FROM affiliations WHERE id = {id_}")
+ cur.execute("SELECT * FROM affiliations WHERE id = ?", (id_, ))
 result = cur.fetchone()
 except sqlite3.Error as err:
- logger.error("Unable to get all affiliations")
+ logger.error("Unable to get affiliation by ID")
 logger.error("Error code: %s", err.sqlite_errorcode)
 logger.error("Error name: %s", err.sqlite_errorname)
 con.rollback()
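Review bot: The new message `"Unable to get affiliation by ID"` in the except branch does not record which id failed, so a failing or malformed lookup is hard to trace in the logs; consider `logger.error("Unable to get affiliation by ID %r", id_)`, where `%r` keeps control characters in a caller-supplied value from splitting the log line. This hunk covers only `get_by_id`; any other queries in `src/affiliation.py` that are built by string interpolation (none are visible here) would need the same bound-parameter form. The unchanged handler reads `err.sqlite_errorcode` and `err.sqlite_errorname`, which exist only on Python 3.11 and later, so on an older interpreter the handler itself would raise `AttributeError`. `get_by_id` starts and ends outside this hunk.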