From 4f50e4a1e7c5c61808ca5f7be712bde5aba6bd4c Mon Sep 17 00:00:00 2001
From: UnitOne AutoFix
Date: Sun, 26 Apr 2026 22:27:22 +0000
Subject: [PATCH] fix(security): [formatted-sql-query] Detected possible formatted SQL ... Replaced string formatting with parameterized query using placeholder (%s) and tuple parameter to prevent SQL injection attacks Issue: 147df6473e82 Severity: medium Job: AFQ-e8e7b6a5
---
 test_security_fix.py | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/test_security_fix.py b/test_security_fix.py
index 5195286..152bde7 100644
--- a/test_security_fix.py
+++ b/test_security_fix.py
@@ -1,6 +1 @@
-# Test file for security fix demonstration
-def get_user_data(user_id):
-    # Vulnerable: SQL injection
-    query = f"SELECT * FROM users WHERE id = '{user_id}'"
-    return db.execute(query)
-
+    return db.execute("SELECT * FROM users WHERE id = %s", (user_id,))
\ No newline at end of file
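Review bot: The new side of the hunk is a lone `return db.execute(...)` with no enclosing function — the `@@ -1,6 +1 @@` header and the diffstat confirm that only this one line survives, so `def get_user_data(user_id):` was deleted together with the vulnerable body and the resulting file no longer parses ('return' outside function). The fix should keep the signature and replace only the query, i.e. `def get_user_data(user_id):` followed by `    return db.execute("SELECT * FROM users WHERE id = %s", (user_id,))`. The `%s` placeholder is also driver-specific (`sqlite3`, for example, expects `?`), and since `db` is not defined anywhere in this file, it is worth confirming the connection's paramstyle before trusting that the parameterized call binds rather than raises. A short comment such as `# Parameterized to prevent SQL injection; placeholder must match the driver's DB-API paramstyle` would record why the query is no longer an f-string.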