change query type to constant type

Faten-Org · Nov 6, 2017 · 2b1058a · 2b1058a
1 parent c2a33d4
commit 2b1058a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/vulnerability/idor/function.go b/vulnerability/idor/function.go
@@ -2,7 +2,6 @@ package idor
 
 import(
 	"log"
-	"fmt"
 	"html"
 	"regexp"
 	"database/sql"
@@ -35,7 +34,8 @@ func(p *Profile)GetData(uid string) error{
 
 	/* this funciton use to get data Profile from database with prepare statement */
 
-	getProfileSql := fmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number 
+	const ( 
+		getProfileSql = `SELECT p.user_id, p.full_name, p.city, p.phone_number 
 		FROM Profile as p,Users as u 
 		where p.user_id = u.id 
 		and u.id=?`)
@@ -55,7 +55,8 @@ func(p *Profile)GetData(uid string) error{
 
 func(p *Profile)UpdateProfile(name,city,phoneNumber, uid string)error{
 
-	sql := fmt.Sprintf(`UPDATE Profile 
+	const (
+		sql = `UPDATE Profile 
 		set full_name=?, 
 		city=?, 
 		phone_number=? 

diff --git a/vulnerability/sqli/function.go b/vulnerability/sqli/function.go
@@ -57,10 +57,12 @@ func(p *Profile)SafeQueryGetData(uid string) error{
 
 	/* this funciton use to get data Profile from database with prepare statement */
 
-	getProfileSql := fmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number 
+	const (
+		getProfileSql = 
+		`SELECT p.user_id, p.full_name, p.city, p.phone_number 
 		FROM Profile as p,Users as u 
 		where p.user_id = u.id 
-		and u.id=?`)
+		and u.id=?`) 
 
 	stmt, err := DB.Prepare(getProfileSql) //prepare statement 
 	if err != nil{