Update index.py

Author: patched-admin

index.py

@@ -1,8 +1,14 @@
 import sqlite3
 
-def get_user_by_username(username):
-    # This might look suspicious because of string formatting.
-    query = "SELECT * FROM users WHERE username = '%s'" % sanitize_username(username)
+# Simulated config file or a settings module
+CONFIG = {
+    "default_table": "users",
+    "default_column": "username"
+}
+
+def get_data_by_config_value(value):
+    # This might look suspicious due to string concatenation with values from CONFIG.
+    query = "SELECT * FROM " + CONFIG["default_table"] + " WHERE " + CONFIG["default_column"] + " = '" + value + "'"
 
     connection = sqlite3.connect("database.db")
     cursor = connection.cursor()
@@ -12,9 +18,5 @@ def get_user_by_username(username):
 
     return result
 
-def sanitize_username(username):
-    # Only allow alphanumeric characters in the username.
-    return ''.join(char for char in username if char.isalnum())
-
 # Test
-print(get_user_by_username("admin"))
+print(get_data_by_config_value("admin"))