Finished SQL injection example

Author: gregdevore

main.py

@@ -15,7 +15,7 @@ def home():
 
         transaction = "INSERT INTO messages VALUES ('{}', '{}')".format(
             request.remote_addr,
-            request.form['content'],
+            request.form['content'].replace('\'',''),
         )
         c.execute(transaction)
         conn.commit()
@@ -35,7 +35,7 @@ def home():
 
 <h2>Messages</h2>
 """
-    
+
     for m in c.execute("SELECT * FROM messages"):
         body += """
 <div class="message">
@@ -45,10 +45,9 @@ def home():
 
     c.close()
 
-    return body 
+    return body
 
 
 if __name__ == "__main__":
     port = int(os.environ.get("PORT", 6779))
     app.run(host='0.0.0.0', port=port)
-