From 091e090b2af408f869b5c0d7105352f89cab0c6f Mon Sep 17 00:00:00 2001
From: Shadi Samadi
Date: Tue, 14 Jan 2025 22:06:55 +1100
Subject: [PATCH] Fix code scanning alert no. 2: Database query built from user-controlled sources

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 gallery-service/main.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gallery-service/main.go b/gallery-service/main.go
index 5309dbe..80d9cc0 100644
--- a/gallery-service/main.go
+++ b/gallery-service/main.go
@@ -197,13 +197,13 @@ func (g *Gallery) Create(profile *OctoProfile) error {
 func (g Gallery) Update(profile *OctoProfile) error {
 db := GetDb()
- stmt, err := db.Prepare(fmt.Sprintf("UPDATE gallery SET title = '%s', description = '%s' WHERE id = %d and login = '%s'", g.Title, g.Description, g.ID, profile.Login))
+ stmt, err := db.Prepare("UPDATE gallery SET title = ?, description = ? WHERE id = ? and login = ?")
 if err != nil {
 return err
 }
 defer stmt.Close()
- r , err := stmt.Exec()
+ r , err := stmt.Exec(g.Title, g.Description, g.ID, profile.Login)
 if err != nil {
 return err
 }