Secure DB config + Parameterized SQL + Unified schema (env-based)
This PR addresses security and reliability issues around DB configuration and SQL usage.
Changes:
- Move DB config to env variables via software/db_config.py (dotenv support).
- Add .env.example for contributors.
- Parameterize SQL queries in software/manage_data.py; eliminate string interpolation.
- Ensure DB selection via DB_NAME; main and manage_data now CREATE/USE configured DB.
- Align software/report.py with shared schema (tables user/finance) and use db_config.

Why:
- Prevent hardcoded credentials and inconsistent schemas.
- Eliminate SQL injection risks.
- Make local setup reproducible and safer.

Testing:
- Ran through login/insert/delete paths with a local MySQL; verified tables are created in DB_NAME and queries succeed.

Follow-ups:
- Consider parameterizing remaining queries in software/main.py UI if any remain in other branches.
- Optionally add unit tests for encrypt/decrypt and DB helpers.
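The two techniques this PR introduces, env-based DB configuration and bound SQL parameters, shown side by side in an added example that is not the PR's own software/db_config.py or software/manage_data.py code. The environment variable names (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME), the `user` table layout and the in-memory sqlite3 database standing in for the local MySQL are all assumptions made for this illustration. It also covers the one caveat a parameterized-query refactor needs: `CREATE DATABASE`/`USE` cannot take a bound parameter, so DB_NAME has to be validated as an identifier before it is spliced into statement text.

```python
import os
import re
import sqlite3

# Assumed env variable names; the PR's db_config.py may use different ones.
_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def load_db_config(environ=None):
    """Read DB settings from the environment instead of hardcoding them.

    DB_NAME is checked against a strict identifier pattern because
    CREATE DATABASE / USE cannot be parameterized: the name ends up inside
    the SQL text, so it must never be accepted unchecked.
    """
    env = os.environ if environ is None else environ
    cfg = {
        "host": env.get("DB_HOST", "127.0.0.1"),
        "user": env.get("DB_USER", "root"),
        "password": env.get("DB_PASSWORD"),
        "database": env.get("DB_NAME", "app"),
    }
    if not cfg["password"]:
        raise RuntimeError("DB_PASSWORD is not set; copy .env.example to .env")
    if not _IDENTIFIER.match(cfg["database"]):
        raise ValueError(f"DB_NAME {cfg['database']!r} is not a valid identifier")
    return cfg


def create_and_use_sql(cfg):
    # The only place an identifier is interpolated, and only after validation.
    name = cfg["database"]
    return [f"CREATE DATABASE IF NOT EXISTS `{name}`", f"USE `{name}`"]


def find_user_unsafe(cur, username):
    # BEFORE: string interpolation, the pattern the PR removes. Any quote in
    # `username` becomes part of the SQL grammar instead of data.
    cur.execute(f"SELECT id, name FROM user WHERE name = '{username}'")
    return cur.fetchall()


def find_user(cur, username):
    # AFTER: a bound parameter. sqlite3 uses '?', mysql-connector uses '%s';
    # in both drivers the value travels separately from the SQL text.
    cur.execute("SELECT id, name FROM user WHERE name = ?", (username,))
    return cur.fetchall()


def demo_db():
    # Constructed in-memory stand-in for the local MySQL used in testing.
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)")
    cur.executemany("INSERT INTO user (name) VALUES (?)", [("alice",), ("bob",)])
    return cur


if __name__ == "__main__":
    cfg = load_db_config({"DB_PASSWORD": "example-only", "DB_NAME": "multiverse"})
    print(create_and_use_sql(cfg))
    cur = demo_db()
    tainted = "' OR '1'='1"                 # constructed sample input
    print("unsafe:", find_user_unsafe(cur, tainted))   # returns every row
    print("safe:  ", find_user(cur, tainted))          # returns no row
```

Running the script shows the difference directly: the interpolated query returns both rows for the quoted input, the parameterized one returns none, because the driver never lets the value change the statement's structure. The identifier check is what keeps the CREATE/USE step from reintroducing the same problem through DB_NAME.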
Deploy Preview for multiverse-dataverse ready!
| Name | Link |
|---|---|
| Latest commit | d3b069a85635fdb7b8f00c1aaf8b17e5b935e71e |
| Latest deploy log | https://app.netlify.com/projects/multiverse-dataverse/deploys/68a2e4cc8ceed90008df7779 |
| Deploy Preview | https://deploy-preview-421--multiverse-dataverse.netlify.app |