From d94cf625f85327f301fd975addb1e055a0160783 Mon Sep 17 00:00:00 2001
From: ElnuDev
Date: Sun, 24 Jul 2022 12:32:15 -0700
Subject: [PATCH] Use params instead of format for fetching comments
---
 src/database.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/database.rs b/src/database.rs
index 0e14a77..dcbdbd0 100644
--- a/src/database.rs
+++ b/src/database.rs
@@ -32,12 +32,12 @@
 impl Database {
 pub fn get_comments(&self, content_id: &str) -> Result> {
 self.conn
- .prepare(&format!("SELECT id, author, email, text, timestamp FROM comment WHERE content_id='{content_id}' AND parent IS NULL ORDER BY timestamp DESC"))?
- .query_map([], |row| {
+ .prepare("SELECT id, author, email, text, timestamp FROM comment WHERE content_id=?1 AND parent IS NULL ORDER BY timestamp DESC")?
+ .query_map(params![content_id], |row| {
 let id = row.get::>(0)?.unwrap();
 let replies = self.conn
- .prepare(&format!("SELECT id, author, email, text, timestamp FROM comment WHERE parent={id}"))?
- .query_map([], |row| {
+ .prepare("SELECT id, author, email, text, timestamp FROM comment WHERE parent=?1")?
+ .query_map(params![id], |row| {
 Ok(Comment {
 id: row.get(0)?,
 author: row.get(1)?,
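Review bot: The replies statement is still prepared inside the outer `query_map` closure, so `self.conn.prepare(...)` runs once for every top-level comment returned. Now that its SQL is a constant string, and assuming `conn` is a rusqlite `Connection`, the line could become `.prepare_cached("SELECT id, author, email, text, timestamp FROM comment WHERE parent=?1")?` so the compiled statement is reused across rows and calls. The `.unwrap()` on the `id` column read just above it panics if a row ever has a NULL `id`; reading the column as a non-optional type and relying on `?` would keep that failure inside the returned `Result`. The replies query also has no `ORDER BY`, unlike the outer one, so reply order is left to the database. The body of `get_comments` continues past the end of the hunk.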