Use prepared statement

2024-12-30 23:47:40 +01:00
parent 4ce099621d
commit e5e85d494e
2 changed files with 15 additions and 5 deletions
--- a/cmd/web/main.go
+++ b/cmd/web/main.go
@ -8,6 +8,7 @@ import (
 	"context"
 	"database/sql"
 	_ "github.com/mattn/go-sqlite3"
 	"log"
 	"log/slog"
 	"net/http"
 	"os"
@ -69,6 +70,11 @@ func openDb() (*sql.DB, error) {
 	if err == nil {
 		err = db.Ping()
 	}
 	_, err = db.Exec("PRAGMA foreign_keys = ON")
 	if err != nil {
 		log.Fatalf("Failed to enable foreign key constraints: %v", err)
 	}
 	return db, err
 }
--- a/internal/models/elections.go
+++ b/internal/models/elections.go
@ -20,10 +20,14 @@ func (e *ElectionModel) Insert(name string, tokens int, areVotersKnown bool, max
 	}
 	defer tx.Rollback()
-	result, err := tx.Exec(`
+	stmt, err := tx.Prepare(`
-        INSERT INTO elections (name, tokens, are_voters_known, max_voters, expires_at)
+		INSERT INTO elections (name, tokens, are_voters_known, max_voters, expires_at)
-        VALUES (?, ?, ?, ?, ?)`,
+        VALUES (?, ?, ?, ?, ?)`)
-		name, tokens, areVotersKnown, maxVoters, expiresAt)
+	if err != nil {
 		return 0, err
 	}
 	result, err := stmt.Exec(name, tokens, areVotersKnown, maxVoters, expiresAt)
 	if err != nil {
 		return 0, err
 	}
@ -33,7 +37,7 @@ func (e *ElectionModel) Insert(name string, tokens int, areVotersKnown bool, max
 		return 0, err
 	}
-	stmt, err := tx.Prepare(`
+	stmt, err = tx.Prepare(`
        INSERT INTO choices (text, election_id)
        VALUES (?, ?)`)
 	if err != nil {