MySQL 지원 거의 완성 버전

app.py

@@ -164,11 +164,14 @@ create_data['all_data'] = [
     'oauth_conn'
 ]
 for i in create_data['all_data']:
-    curs.execute('create table if not exists ' + i + '(test longtext)')
+    try:
+        curs.execute(db_change('select test from ' + i + ' limit 1'))
+    except:
+        curs.execute(db_change('create table ' + i + '(test longtext)'))
 
 if setup_tool == 0:
     try:
-        curs.execute('select data from other where name = "ver"')
+        curs.execute(db_change('select data from other where name = "ver"'))
         ver_set_data = curs.fetchall()
         if not ver_set_data:
             setup_tool = 1
@@ -205,17 +208,17 @@ if setup_tool != 0:
     for create_table in create_data['all_data']:
         for create in create_data[create_table]:
             try:
-                curs.execute('select ' + create + ' from ' + create_table + ' limit 1')
+                curs.execute(db_change('select ' + create + ' from ' + create_table + ' limit 1'))
             except:
-                curs.execute("alter table " + create_table + " add " + create + " longtext default ''")
+                curs.execute(db_change("alter table " + create_table + " add " + create + " longtext default ''"))
 
     update()
 
 # Init
-curs.execute('select name from alist where acl = "owner"')
+curs.execute(db_change('select name from alist where acl = "owner"'))
 if not curs.fetchall():
-    curs.execute('delete from alist where name = "owner"')
-    curs.execute('insert into alist (name, acl) values ("owner", "owner")')
+    curs.execute(db_change('delete from alist where name = "owner"'))
+    curs.execute(db_change('insert into alist (name, acl) values ("owner", "owner")'))
 
 if not os.path.exists(app_var['path_data_image']):
     os.makedirs(app_var['path_data_image'])
@@ -230,12 +233,12 @@ server_set_key = ['host', 'port', 'language', 'markup', 'encode']
 server_set = {}
 
 for i in range(len(server_set_key)):
-    curs.execute('select data from other where name = ?', [server_set_key[i]])
+    curs.execute(db_change('select data from other where name = ?'), [server_set_key[i]])
     server_set_val = curs.fetchall()
     if not server_set_val:
         server_set_val = server_init.init(server_set_key[i])
         
-        curs.execute('insert into other (name, data) values (?, ?)', [server_set_key[i], server_set_val])
+        curs.execute(db_change('insert into other (name, data) values (?, ?)'), [server_set_key[i], server_set_val])
         conn.commit()
     else:
         server_set_val = server_set_val[0][0]
@@ -244,23 +247,23 @@ for i in range(len(server_set_key)):
     
     server_set[server_set_key[i]] = server_set_val
 
-curs.execute('select data from other where name = "key"')
+curs.execute(db_change('select data from other where name = "key"'))
 rep_data = curs.fetchall()
 if not rep_data:
     rep_key = ''.join(random.choice("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") for i in range(16))
     if rep_key:
-        curs.execute('insert into other (name, data) values ("key", ?)', [rep_key])
+        curs.execute(db_change('insert into other (name, data) values ("key", ?)'), [rep_key])
 else:
     rep_key = rep_data[0][0]
 
-curs.execute('select data from other where name = "adsense"')
+curs.execute(db_change('select data from other where name = "adsense"'))
 adsense_result = curs.fetchall()
 if not adsense_result:
-    curs.execute('insert into other (name, data) values ("adsense", "False")')
-    curs.execute('insert into other (name, data) values ("adsense_code", "")')
+    curs.execute(db_change('insert into other (name, data) values ("adsense", "False")'))
+    curs.execute(db_change('insert into other (name, data) values ("adsense_code", "")'))
 
-curs.execute('delete from other where name = "ver"')
-curs.execute('insert into other (name, data) values ("ver", ?)', [c_ver])
+curs.execute(db_change('delete from other where name = "ver"'))
+curs.execute(db_change('insert into other (name, data) values ("ver", ?)'), [c_ver])
 
 def back_up():
     print('----')
@@ -274,7 +277,7 @@ def back_up():
     threading.Timer(60 * 60 * back_time, back_up).start()
 
 try:
-    curs.execute('select data from other where name = "back_up"')
+    curs.execute(db_change('select data from other where name = "back_up"'))
     back_up_time = curs.fetchall()
     
     back_time = int(back_up_time[0][0])
@@ -292,24 +295,24 @@ else:
 conn.commit()
 
 def count_all_title():
-    curs.execute("select count(title) from data")
+    curs.execute(db_change("select count(title) from data"))
     count_data = curs.fetchall()
     if count_data:
         count_data = count_data[0][0]
     else:
         count_data = 0
 
-    curs.execute('delete from other where name = "count_all_title"')
-    curs.execute('insert into other (name, data) values ("count_all_title", ?)', [str(count_data)])
+    curs.execute(db_change('delete from other where name = "count_all_title"'))
+    curs.execute(db_change('insert into other (name, data) values ("count_all_title", ?)'), [str(count_data)])
 
     conn.commit()
 
     threading.Timer(60 * 60 * 24, count_all_title).start()
 
-curs.execute('select data from other where name = "count_all_title"')
+curs.execute(db_change('select data from other where name = "count_all_title"'))
 all_title = curs.fetchall()
 if not all_title:
-    curs.execute('insert into other (name, data) values ("count_all_title", "0")')
+    curs.execute(db_change('insert into other (name, data) values ("count_all_title", "0")'))
 
 count_all_title()  
 

emergency_tool.py

@@ -46,10 +46,10 @@ if what_i_do == '1':
     def parser(data):
         namumark(data[0], data[1], 1)
 
-    curs.execute("delete from back")
+    curs.execute(db_change("delete from back"))
     conn.commit()
 
-    curs.execute("select title, data from data")
+    curs.execute(db_change("select title, data from data"))
     data = curs.fetchall()
     num = 0
 
@@ -63,8 +63,8 @@ if what_i_do == '1':
         if num % 10 == 0:
             print(num)
 elif what_i_do == '2':
-    curs.execute("delete from other where name = 'recaptcha'")
-    curs.execute("delete from other where name = 'sec_re'")
+    curs.execute(db_change("delete from other where name = 'recaptcha'"))
+    curs.execute(db_change("delete from other where name = 'sec_re'"))
 elif what_i_do == '3':
     print('----')
     print('IP or Name : ', end = '')
@@ -75,7 +75,7 @@ elif what_i_do == '3':
     else:
         band = ''
 
-        curs.execute("insert into rb (block, end, today, blocker, why, band) values (?, ?, ?, ?, ?, ?)", 
+        curs.execute(db_change("insert into rb (block, end, today, blocker, why, band) values (?, ?, ?, ?, ?, ?)"), 
             [user_data, 
             'release', 
             get_time(), 
@@ -83,25 +83,25 @@ elif what_i_do == '3':
             '', 
             band
         ])
-    curs.execute("delete from ban where block = ?", [user_data])
+    curs.execute(db_change("delete from ban where block = ?"), [user_data])
 elif what_i_do == '4':
     print('----')
     print('Host : ', end = '')
     host = input()
 
-    curs.execute("update other set data = ? where name = 'host'", [host])
+    curs.execute(db_change("update other set data = ? where name = 'host'"), [host])
 elif what_i_do == '5':
     print('----')
     print('Port : ', end = '')
     port = int(input())
 
-    curs.execute("update other set data = ? where name = 'port'", [port])
+    curs.execute(db_change("update other set data = ? where name = 'port'"), [port])
 elif what_i_do == '6':
     print('----')
     print('Skin name : ', end = '')
     skin = input()
 
-    curs.execute("update other set data = ? where name = 'skin'", [skin])
+    curs.execute(db_change("update other set data = ? where name = 'skin'"), [skin])
 elif what_i_do == '7':
     print('----')
     print('1. sha256')
@@ -127,9 +127,9 @@ elif what_i_do == '7':
         else:
             hashed = hashlib.sha3_256(bytes(user_pw, 'utf-8')).hexdigest()
        
-    curs.execute("update user set pw = ? where id = ?", [hashed, user_name])
+    curs.execute(db_change("update user set pw = ? where id = ?"), [hashed, user_name])
 elif what_i_do == '8':
-    curs.execute("update other set data = '00000' where name = 'ver'")
+    curs.execute(db_change("update other set data = '00000' where name = 'ver'"))
 elif what_i_do == '9':
     try:
         os.remove('data/set.json')
@@ -144,7 +144,7 @@ else:
     print('New name : ', end = '')
     new_name = input()
 
-    curs.execute("update user set id = ? where id = ?", [new_name, user_name])
+    curs.execute(db_change("update user set id = ? where id = ?"), [new_name, user_name])
 
 conn.commit()
 

route/alarm.py

@@ -5,7 +5,7 @@ def alarm_2(conn):
 
     data = '<ul>'    
     
-    curs.execute("select data, date from alarm where name = ? order by date desc", [ip_check()])
+    curs.execute(db_change("select data, date from alarm where name = ? order by date desc"), [ip_check()])
     data_list = curs.fetchall()
     if data_list:
         data = '<a href="/del_alarm">(' + load_lang('delete') + ')</a><hr class=\"main_hr\">' + data

route/alarm_del.py

@@ -3,7 +3,7 @@ from .tool.func import *
 def alarm_del_2(conn):
     curs = conn.cursor()
     
-    curs.execute("delete from alarm where name = ?", [ip_check()])
+    curs.execute(db_change("delete from alarm where name = ?"), [ip_check()])
     conn.commit()
 
     return redirect('/alarm')

route/api_markup.py

@@ -3,7 +3,7 @@ from .tool.func import *
 def api_markup_2(conn):
     curs = conn.cursor()
 
-    curs.execute('select data from other where name = "markup"')
+    curs.execute(db_change('select data from other where name = "markup"'))
     rep_data = curs.fetchall()
     if rep_data[0][0] != '':
         return flask.jsonify({ "markup" : rep_data[0][0] })

route/api_raw.py

@@ -4,7 +4,7 @@ def api_raw_2(conn, name):
     curs = conn.cursor()
 
     if acl_check(name, 'render') != 1:
-        curs.execute("select data from data where title = ?", [name])
+        curs.execute(db_change("select data from data where title = ?"), [name])
         data = curs.fetchall()
         if data:
             json_data = { "title" : name, "data" : render_set(title = name, data = data[0][0], s_data = 1) }

route/api_search.py

@@ -10,10 +10,10 @@ def api_search_2(conn, name):
     if num > 1000:
         num = 1
 
-    curs.execute("" + \
+    curs.execute(db_change("" + \
         "select distinct title, case when title like ? then 'title' else 'data' " + \
         "end from data where title like ? or data like ? order by case " + \
-        "when title like ? then 1 else 2 end limit ?",
+        "when title like ? then 1 else 2 end limit ?"),
         ['%' + name + '%', '%' + name + '%', '%' + name + '%', '%' + name + '%', str(num)]
     )
     all_list = curs.fetchall()

route/api_topic_sub.py

@@ -4,15 +4,15 @@ def api_topic_sub_2(conn, name, sub, time):
     curs = conn.cursor()
 
     if flask.request.args.get('num', None):
-        curs.execute("select id, data, date, ip, block, top from topic where title = ? and sub = ? and id + 0 = ? + 0 order by id + 0 asc", [
+        curs.execute(db_change("select id, data, date, ip, block, top from topic where title = ? and sub = ? and id + 0 = ? + 0 order by id + 0 asc"), [
             name, 
             sub, 
             flask.request.args.get('num', '')
         ])
     elif flask.request.args.get('top', None):
-        curs.execute("select id, data, date, ip, block, top from topic where title = ? and sub = ? and top = 'O' order by id + 0 asc", [name, sub])
+        curs.execute(db_change("select id, data, date, ip, block, top from topic where title = ? and sub = ? and top = 'O' order by id + 0 asc"), [name, sub])
     else:
-        curs.execute("select id, data, date, ip, block, top from topic where title = ? and sub = ? order by id + 0 asc", [name, sub])
+        curs.execute(db_change("select id, data, date, ip, block, top from topic where title = ? and sub = ? order by id + 0 asc"), [name, sub])
 
     data = curs.fetchall()
     if data:
@@ -33,7 +33,7 @@ def api_topic_sub_2(conn, name, sub, time):
                     t_data_f = ''
                     b_color = 'toron_color_not'
 
-                curs.execute("select who from re_admin where what = ? order by time desc limit 1", ['blind (' + name + ' - ' + sub + '#' + str(i[0]) + ')'])
+                curs.execute(db_change("select who from re_admin where what = ? order by time desc limit 1"), ['blind (' + name + ' - ' + sub + '#' + str(i[0]) + ')'])
                 who_blind = curs.fetchall()
                 if who_blind:
                     ip += ' (' + who_blind[0][0] + ' B)'
@@ -45,7 +45,7 @@ def api_topic_sub_2(conn, name, sub, time):
                     s_user = i[3]
                 else:
                     if flask.request.args.get('num', None):
-                        curs.execute("select ip from topic where title = ? and sub = ? order by id + 0 asc limit 1", [name, sub])
+                        curs.execute(db_change("select ip from topic where title = ? and sub = ? order by id + 0 asc limit 1"), [name, sub])
                         g_data = curs.fetchall()
                         if g_data:
                             s_user = g_data[0][0]
@@ -90,7 +90,7 @@ def api_topic_sub_2(conn, name, sub, time):
                 if i[4] != 'O' or (i[4] == 'O' and admin == 1):
                     t_data_f = i[1]
                 else:
-                    curs.execute("select who from re_admin where what = ? order by time desc limit 1", ['blind (' + name + ' - ' + sub + '#' + str(i[0]) + ')'])
+                    curs.execute(db_change("select who from re_admin where what = ? order by time desc limit 1"), ['blind (' + name + ' - ' + sub + '#' + str(i[0]) + ')'])
                     who_blind = curs.fetchall()
                     if who_blind:
                         t_data_f = '[[user:' + who_blind[0][0] + ']] block'

route/api_user_info.py

@@ -26,7 +26,7 @@ def api_user_info_2(conn, name):
             </table>
         '''
         
-        curs.execute("select acl from user where id = ?", [name])
+        curs.execute(db_change("select acl from user where id = ?"), [name])
         data = curs.fetchall()
         if data:
             if data[0][0] != 'user':
@@ -45,7 +45,7 @@ def api_user_info_2(conn, name):
             else:
                 match = '-'
 
-            curs.execute("select end, login, band from ban where block = ? or block = ?", [name, match])
+            curs.execute(db_change("select end, login, band from ban where block = ? or block = ?"), [name, match])
             block_data = curs.fetchall()
             if block_data:
                 if block_data[0][0] != '':

route/api_w.py

@@ -4,7 +4,7 @@ def api_w_2(conn, name):
     curs = conn.cursor()
 
     if flask.request.args.get('exist', None):
-        curs.execute("select title from data where title = ?", [name])
+        curs.execute(db_change("select title from data where title = ?"), [name])
         if curs.fetchall():
             return flask.jsonify({ "exist" : "1" })
         else:
@@ -16,7 +16,7 @@ def api_w_2(conn, name):
                 
                 return flask.jsonify({ "title" : name, "data" : g_data[0], "js_data" : g_data[1] })
             else:
-                curs.execute("select data from data where title = ?", [name])
+                curs.execute(db_change("select data from data where title = ?"), [name])
                 data = curs.fetchall()
                 if data:
                     if flask.request.args.get('include', 'include_1'):

route/edit.py

@@ -22,7 +22,7 @@ def edit_2(conn, name):
         today = get_time()
         content = savemark(flask.request.form.get('content', ''))
         
-        curs.execute("select data from data where title = ?", [name])
+        curs.execute(db_change("select data from data where title = ?"), [name])
         old = curs.fetchall()
         if old:
             leng = leng_check(len(flask.request.form.get('otent', '')), len(content))
@@ -30,15 +30,15 @@ def edit_2(conn, name):
             if flask.request.args.get('section', None):
                 content = old[0][0].replace(flask.request.form.get('otent', ''), content)
                 
-            curs.execute("update data set data = ? where title = ?", [content, name])
+            curs.execute(db_change("update data set data = ? where title = ?"), [content, name])
         else:
             leng = '+' + str(len(content))
             
-            curs.execute("insert into data (title, data) values (?, ?)", [name, content])
+            curs.execute(db_change("insert into data (title, data) values (?, ?)"), [name, content])
 
-        curs.execute("select user from scan where title = ?", [name])
+        curs.execute(db_change("select user from scan where title = ?"), [name])
         for _ in curs.fetchall():
-            curs.execute("insert into alarm (name, data, date) values (?, ?, ?)", [ip, ip + ' - <a href="/w/' + url_pas(name) + '">' + name + '</a> (Edit)', today])
+            curs.execute(db_change("insert into alarm (name, data, date) values (?, ?, ?)"), [ip, ip + ' - <a href="/w/' + url_pas(name) + '">' + name + '</a> (Edit)', today])
 
         history_plus(
             name,
@@ -49,8 +49,8 @@ def edit_2(conn, name):
             leng
         )
         
-        curs.execute("delete from back where link = ?", [name])
-        curs.execute("delete from back where title = ? and type = 'no'", [name])
+        curs.execute(db_change("delete from back where link = ?"), [name])
+        curs.execute(db_change("delete from back where title = ? and type = 'no'"), [name])
         
         render_set(
             title = name,
@@ -62,7 +62,7 @@ def edit_2(conn, name):
         
         return redirect('/w/' + url_pas(name))
     else:            
-        curs.execute("select data from data where title = ?", [name])
+        curs.execute(db_change("select data from data where title = ?"), [name])
         new = curs.fetchall()
         if new:
             if flask.request.args.get('section', None):
@@ -98,13 +98,13 @@ def edit_2(conn, name):
             get_name = ''
             
         if flask.request.args.get('plus', None):
-            curs.execute("select data from data where title = ?", [flask.request.args.get('plus', 'test')])
+            curs.execute(db_change("select data from data where title = ?"), [flask.request.args.get('plus', 'test')])
             get_data = curs.fetchall()
             if get_data:
                 data = get_data[0][0]
                 get_name = ''
 
-        curs.execute('select data from other where name = "edit_bottom_text"')
+        curs.execute(db_change('select data from other where name = "edit_bottom_text"'))
         sql_d = curs.fetchall()
         if sql_d and sql_d[0][0] != '':
             b_text = '<hr class=\"main_hr\">' + sql_d[0][0]

route/edit_delete.py

@@ -13,7 +13,7 @@ def edit_delete_2(conn, name, app_var):
         else:
             captcha_post('', 0)
 
-        curs.execute("select data from data where title = ?", [name])
+        curs.execute(db_change("select data from data where title = ?"), [name])
         data = curs.fetchall()
         if data:
             today = get_time()
@@ -29,12 +29,12 @@ def edit_delete_2(conn, name, app_var):
                 'delete'
             )
             
-            curs.execute("select title, link from back where title = ? and not type = 'cat' and not type = 'no'", [name])
+            curs.execute(db_change("select title, link from back where title = ? and not type = 'cat' and not type = 'no'"), [name])
             for data in curs.fetchall():
-                curs.execute("insert into back (title, link, type) values (?, ?, 'no')", [data[0], data[1]])
+                curs.execute(db_change("insert into back (title, link, type) values (?, ?, 'no')"), [data[0], data[1]])
             
-            curs.execute("delete from back where link = ?", [name])
-            curs.execute("delete from data where title = ?", [name])
+            curs.execute(db_change("delete from back where link = ?"), [name])
+            curs.execute(db_change("delete from data where title = ?"), [name])
             conn.commit()
 
         file_check = re.search('^file:(.+)\.(.+)$', name)
@@ -47,7 +47,7 @@ def edit_delete_2(conn, name, app_var):
             
         return redirect('/w/' + url_pas(name))
     else:
-        curs.execute("select title from data where title = ?", [name])
+        curs.execute(db_change("select title from data where title = ?"), [name])
         if not curs.fetchall():
             return redirect('/w/' + url_pas(name))
 

route/edit_move.py

@@ -12,20 +12,20 @@ def edit_move_2(conn, name):
         else:
             captcha_post('', 0)
 
-        curs.execute("select title from history where title = ?", [flask.request.form.get('title', None)])
+        curs.execute(db_change("select title from history where title = ?"), [flask.request.form.get('title', None)])
         if curs.fetchall():
             if admin_check(None, 'merge documents') == 1:
-                curs.execute("select data from data where title = ?", [flask.request.form.get('title', None)])
+                curs.execute(db_change("select data from data where title = ?"), [flask.request.form.get('title', None)])
                 data = curs.fetchall()
                 if data:            
-                    curs.execute("delete from data where title = ?", [flask.request.form.get('title', None)])
-                    curs.execute("delete from back where link = ?", [flask.request.form.get('title', None)])
+                    curs.execute(db_change("delete from data where title = ?"), [flask.request.form.get('title', None)])
+                    curs.execute(db_change("delete from back where link = ?"), [flask.request.form.get('title', None)])
                 
-                curs.execute("select data from data where title = ?", [name])
+                curs.execute(db_change("select data from data where title = ?"), [name])
                 data = curs.fetchall()
                 if data:            
-                    curs.execute("update data set title = ? where title = ?", [flask.request.form.get('title', None), name])
-                    curs.execute("update back set link = ? where link = ?", [flask.request.form.get('title', None), name])
+                    curs.execute(db_change("update data set title = ? where title = ?"), [flask.request.form.get('title', None), name])
+                    curs.execute(db_change("update back set link = ? where link = ?"), [flask.request.form.get('title', None), name])
                     
                     data_in = data[0][0]
                 else:
@@ -41,18 +41,18 @@ def edit_move_2(conn, name):
                     'marge <a>' + name + '</a> - <a>' + flask.request.form.get('title', 'test') + '</a> move'
                 )
 
-                curs.execute("update back set type = 'no' where title = ? and not type = 'cat' and not type = 'no'", [name])
-                curs.execute("delete from back where title = ? and not type = 'cat' and type = 'no'", [flask.request.form.get('title', None)])
+                curs.execute(db_change("update back set type = 'no' where title = ? and not type = 'cat' and not type = 'no'"), [name])
+                curs.execute(db_change("delete from back where title = ? and not type = 'cat' and type = 'no'"), [flask.request.form.get('title', None)])
 
-                curs.execute("select id from history where title = ? order by id + 0 desc limit 1", [flask.request.form.get('title', None)])
+                curs.execute(db_change("select id from history where title = ? order by id + 0 desc limit 1"), [flask.request.form.get('title', None)])
                 data = curs.fetchall()
                 
                 num = data[0][0]
 
-                curs.execute("select id from history where title = ? order by id + 0 asc", [name])
+                curs.execute(db_change("select id from history where title = ? order by id + 0 asc"), [name])
                 data = curs.fetchall()
                 for move in data:
-                    curs.execute("update history set title = ?, id = ? where title = ? and id = ?", [flask.request.form.get('title', None), str(int(num) + int(move[0])), name, move[0]])
+                    curs.execute(db_change("update history set title = ?, id = ? where title = ? and id = ?"), [flask.request.form.get('title', None), str(int(num) + int(move[0])), name, move[0]])
 
                 conn.commit()
 
@@ -60,11 +60,11 @@ def edit_move_2(conn, name):
             else:
                 return re_error('/error/19')
         else:
-            curs.execute("select data from data where title = ?", [name])
+            curs.execute(db_change("select data from data where title = ?"), [name])
             data = curs.fetchall()
             if data:            
-                curs.execute("update data set title = ? where title = ?", [flask.request.form.get('title', None), name])
-                curs.execute("update back set link = ? where link = ?", [flask.request.form.get('title', None), name])
+                curs.execute(db_change("update data set title = ? where title = ?"), [flask.request.form.get('title', None), name])
+                curs.execute(db_change("update back set link = ? where link = ?"), [flask.request.form.get('title', None), name])
                 
                 data_in = data[0][0]
             else:
@@ -80,10 +80,10 @@ def edit_move_2(conn, name):
                 '<a>' + name + '</a> - <a>' + flask.request.form.get('title', 'test') + '</a> move'
             )
             
-            curs.execute("update back set type = 'no' where title = ? and not type = 'cat' and not type = 'no'", [name])
-            curs.execute("delete from back where title = ? and not type = 'cat' and type = 'no'", [flask.request.form.get('title', None)])
+            curs.execute(db_change("update back set type = 'no' where title = ? and not type = 'cat' and not type = 'no'"), [name])
+            curs.execute(db_change("delete from back where title = ? and not type = 'cat' and type = 'no'"), [flask.request.form.get('title', None)])
 
-            curs.execute("update history set title = ? where title = ?", [flask.request.form.get('title', None), name])
+            curs.execute(db_change("update history set title = ? where title = ?"), [flask.request.form.get('title', None), name])
             conn.commit()
 
             return redirect('/w/' + url_pas(flask.request.form.get('title', None)))

route/edit_revert.py

@@ -5,7 +5,7 @@ def edit_revert_2(conn, name):
 
     num = int(number_check(flask.request.args.get('num', '1')))
 
-    curs.execute("select title from history where title = ? and id = ? and hide = 'O'", [name, str(num)])
+    curs.execute(db_change("select title from history where title = ? and id = ? and hide = 'O'"), [name, str(num)])
     if curs.fetchall() and admin_check(6) != 1:
         return re_error('/error/3')
 
@@ -18,24 +18,24 @@ def edit_revert_2(conn, name):
         else:
             captcha_post('', 0)
     
-        curs.execute("select data from history where title = ? and id = ?", [name, str(num)])
+        curs.execute(db_change("select data from history where title = ? and id = ?"), [name, str(num)])
         data = curs.fetchall()
         if data:
             if edit_filter_do(data[0][0]) == 1:
                 return re_error('/error/21')
 
-        curs.execute("delete from back where link = ?", [name])
+        curs.execute(db_change("delete from back where link = ?"), [name])
         conn.commit()
         
         if data:                                
-            curs.execute("select data from data where title = ?", [name])
+            curs.execute(db_change("select data from data where title = ?"), [name])
             data_old = curs.fetchall()
             if data_old:
                 leng = leng_check(len(data_old[0][0]), len(data[0][0]))
-                curs.execute("update data set data = ? where title = ?", [data[0][0], name])
+                curs.execute(db_change("update data set data = ? where title = ?"), [data[0][0], name])
             else:
                 leng = '+' + str(len(data[0][0]))
-                curs.execute("insert into data (title, data) values (?, ?)", [name, data[0][0]])
+                curs.execute(db_change("insert into data (title, data) values (?, ?)"), [name, data[0][0]])
                 
             history_plus(
                 name, 
@@ -57,7 +57,7 @@ def edit_revert_2(conn, name):
             
         return redirect('/w/' + url_pas(name))
     else:
-        curs.execute("select title from history where title = ? and id = ?", [name, str(num)])
+        curs.execute(db_change("select title from history where title = ? and id = ?"), [name, str(num)])
         if not curs.fetchall():
             return redirect('/w/' + url_pas(name))
 

route/func_title_random.py

@@ -3,11 +3,11 @@ from .tool.func import *
 def func_title_random_2(conn):
     curs = conn.cursor()
 
-    curs.execute("" + \
+    curs.execute(db_change("" + \
         "select title from data " + \
         "where title not like 'user:%' and title not like 'category:%' and title not like 'file:%'" + \
         "order by random() limit 1" + \
-    "")
+    ""))
     data = curs.fetchall()
     if data:
         return redirect('/w/' + url_pas(data[0][0]))

route/func_upload.py

@@ -34,11 +34,11 @@ def func_upload_2(conn):
 
         e_data = sha224(piece[0]) + piece[1]
 
-        curs.execute("select title from data where title = ?", ['file:' + name])
+        curs.execute(db_change("select title from data where title = ?"), ['file:' + name])
         if curs.fetchall():
             return re_error('/error/16')
 
-        curs.execute("select html from html_filter where kind = 'file'")
+        curs.execute(db_change("select html from html_filter where kind = 'file'"))
         db_data = curs.fetchall()
         for i in db_data:
             t_re = re.compile(i[0])
@@ -73,8 +73,8 @@ def func_upload_2(conn):
 
         file_d = '[[file:' + name + ']][br][br]{{{[[file:' + name + ']]}}}[br][br]' + lice
         
-        curs.execute("insert into data (title, data) values (?, ?)", ['file:' + name, file_d])
-        curs.execute("insert into acl (title, decu, dis, why, view) values (?, 'admin', '', '', '')", ['file:' + name])
+        curs.execute(db_change("insert into data (title, data) values (?, ?)"), ['file:' + name, file_d])
+        curs.execute(db_change("insert into acl (title, decu, dis, why, view) values (?, 'admin', '', '', '')"), ['file:' + name])
 
         render_set(
             title = name,
@@ -100,7 +100,7 @@ def func_upload_2(conn):
             <option value="direct_input">''' + load_lang('direct_input') + '''</option>
         '''
 
-        curs.execute("select html from html_filter where kind = 'image_license'")
+        curs.execute(db_change("select html from html_filter where kind = 'image_license'"))
         db_data = curs.fetchall()
         for i in db_data:
             license_list += '''

route/give_acl.py

@@ -30,14 +30,14 @@ def give_acl_2(conn, name):
                 check_ok = 'disabled'
 
     if flask.request.method == 'POST':
-        curs.execute("select title from acl where title = ?", [name])
+        curs.execute(db_change("select title from acl where title = ?"), [name])
         if curs.fetchall():
-            curs.execute("update acl set decu = ? where title = ?", [flask.request.form.get('decu', ''), name])
-            curs.execute("update acl set dis = ? where title = ?", [flask.request.form.get('dis', ''), name])
-            curs.execute("update acl set why = ? where title = ?", [flask.request.form.get('why', ''), name])
-            curs.execute("update acl set view = ? where title = ?", [flask.request.form.get('view', ''), name])
+            curs.execute(db_change("update acl set decu = ? where title = ?"), [flask.request.form.get('decu', ''), name])
+            curs.execute(db_change("update acl set dis = ? where title = ?"), [flask.request.form.get('dis', ''), name])
+            curs.execute(db_change("update acl set why = ? where title = ?"), [flask.request.form.get('why', ''), name])
+            curs.execute(db_change("update acl set view = ? where title = ?"), [flask.request.form.get('view', ''), name])
         else:
-            curs.execute("insert into acl (title, decu, dis, why, view) values (?, ?, ?, ?, ?)", [
+            curs.execute(db_change("insert into acl (title, decu, dis, why, view) values (?, ?, ?, ?, ?)"), [
                 name, 
                 flask.request.form.get('decu', ''), 
                 flask.request.form.get('dis', ''), 
@@ -45,9 +45,9 @@ def give_acl_2(conn, name):
                 flask.request.form.get('view', '')
             ])
         
-        curs.execute("select title from acl where title = ? and decu = '' and dis = '' and view = ''", [name])
+        curs.execute(db_change("select title from acl where title = ? and decu = '' and dis = '' and view = ''"), [name])
         if curs.fetchall():
-            curs.execute("delete from acl where title = ?", [name])
+            curs.execute(db_change("delete from acl where title = ?"), [name])
             
         all_d = ''
         for i in ['decu', 'dis', 'view']:
@@ -73,7 +73,7 @@ def give_acl_2(conn, name):
         else:
             acl_list = ['', 'user', 'admin', 'owner', '50_edit', 'email']
         
-        curs.execute("select decu from acl where title = ?", [name])
+        curs.execute(db_change("select decu from acl where title = ?"), [name])
         acl_data = curs.fetchall()
         for data_list in acl_list:
             if acl_data and acl_data[0][0] == data_list:
@@ -88,7 +88,7 @@ def give_acl_2(conn, name):
         if not re.search('^user:', name):
             data += '<hr class=\"main_hr\"><h2>' + load_lang('discussion_acl') + '</h2><hr class=\"main_hr\"><select name="dis" ' + check_ok + '>'
         
-            curs.execute("select dis, why, view from acl where title = ?", [name])
+            curs.execute(db_change("select dis, why, view from acl where title = ?"), [name])
             acl_data = curs.fetchall()
             for data_list in acl_list:
                 if acl_data and acl_data[0][0] == data_list:

route/give_admin.py

@@ -5,13 +5,13 @@ def give_admin_2(conn, name):
 
     owner = admin_check()
     
-    curs.execute("select acl from user where id = ?", [name])
+    curs.execute(db_change("select acl from user where id = ?"), [name])
     user = curs.fetchall()
     if not user:
         return re_error('/error/2')
     else:
         if owner != 1:
-            curs.execute('select name from alist where name = ? and acl = "owner"', [user[0][0]])
+            curs.execute(db_change('select name from alist where name = ? and acl = "owner"'), [user[0][0]])
             if curs.fetchall():
                 return re_error('/error/3')
 
@@ -23,14 +23,14 @@ def give_admin_2(conn, name):
             return re_error('/error/3')
 
         if owner != 1:
-            curs.execute('select name from alist where name = ? and acl = "owner"', [flask.request.form.get('select', None)])
+            curs.execute(db_change('select name from alist where name = ? and acl = "owner"'), [flask.request.form.get('select', None)])
             if curs.fetchall():
                 return re_error('/error/3')
 
         if flask.request.form.get('select', None) == 'X':
-            curs.execute("update user set acl = 'user' where id = ?", [name])
+            curs.execute(db_change("update user set acl = 'user' where id = ?"), [name])
         else:
-            curs.execute("update user set acl = ? where id = ?", [flask.request.form.get('select', None), name])
+            curs.execute(db_change("update user set acl = ? where id = ?"), [flask.request.form.get('select', None), name])
         
         conn.commit()
         
@@ -41,13 +41,13 @@ def give_admin_2(conn, name):
 
         div = '<option value="X">X</option>'
         
-        curs.execute('select distinct name from alist order by name asc')
+        curs.execute(db_change('select distinct name from alist order by name asc'))
         for data in curs.fetchall():
             if user[0][0] == data[0]:
                 div += '<option value="' + data[0] + '" selected="selected">' + data[0] + '</option>'
             else:
                 if owner != 1:
-                    curs.execute('select name from alist where name = ? and acl = "owner"', [data[0]])
+                    curs.execute(db_change('select name from alist where name = ? and acl = "owner"'), [data[0]])
                     if not curs.fetchall():
                         div += '<option value="' + data[0] + '">' + data[0] + '</option>'
                 else:

route/give_admin_groups.py

@@ -7,28 +7,28 @@ def give_admin_groups_2(conn, name):
         if admin_check(None, 'admin_plus (' + name + ')') != 1:
             return re_error('/error/3')
 
-        curs.execute("delete from alist where name = ?", [name])
+        curs.execute(db_change("delete from alist where name = ?"), [name])
         
         if flask.request.form.get('ban', 0) != 0:
-            curs.execute("insert into alist (name, acl) values (?, 'ban')", [name])
+            curs.execute(db_change("insert into alist (name, acl) values (?, 'ban')"), [name])
 
         if flask.request.form.get('toron', 0) != 0:
-            curs.execute("insert into alist (name, acl) values (?, 'toron')", [name])
+            curs.execute(db_change("insert into alist (name, acl) values (?, 'toron')"), [name])
             
         if flask.request.form.get('check', 0) != 0:
-            curs.execute("insert into alist (name, acl) values (?, 'check')", [name])
+            curs.execute(db_change("insert into alist (name, acl) values (?, 'check')"), [name])
 
         if flask.request.form.get('acl', 0) != 0:
-            curs.execute("insert into alist (name, acl) values (?, 'acl')", [name])
+            curs.execute(db_change("insert into alist (name, acl) values (?, 'acl')"), [name])
 
         if flask.request.form.get('hidel', 0) != 0:
-            curs.execute("insert into alist (name, acl) values (?, 'hidel')", [name])
+            curs.execute(db_change("insert into alist (name, acl) values (?, 'hidel')"), [name])
 
         if flask.request.form.get('give', 0) != 0:
-            curs.execute("insert into alist (name, acl) values (?, 'give')", [name])
+            curs.execute(db_change("insert into alist (name, acl) values (?, 'give')"), [name])
 
         if flask.request.form.get('owner', 0) != 0:
-            curs.execute("insert into alist (name, acl) values (?, 'owner')", [name])
+            curs.execute(db_change("insert into alist (name, acl) values (?, 'owner')"), [name])
             
         conn.commit()
         
@@ -38,7 +38,7 @@ def give_admin_groups_2(conn, name):
         
         exist_list = ['', '', '', '', '', '', '', '']
 
-        curs.execute('select acl from alist where name = ?', [name])
+        curs.execute(db_change('select acl from alist where name = ?'), [name])
         acl_list = curs.fetchall()    
         for go in acl_list:
             if go[0] == 'ban':

route/give_history_hidden.py

@@ -6,11 +6,11 @@ def give_history_hidden_2(conn, name):
     num = number_check(flask.request.args.get('num', '1'))
 
     if admin_check(6, 'history_hidden (' + name + '#' + num + ')') == 1:
-        curs.execute("select title from history where title = ? and id = ? and hide = 'O'", [name, num])
+        curs.execute(db_change("select title from history where title = ? and id = ? and hide = 'O'"), [name, num])
         if curs.fetchall():
-            curs.execute("update history set hide = '' where title = ? and id = ?", [name, num])
+            curs.execute(db_change("update history set hide = '' where title = ? and id = ?"), [name, num])
         else:
-            curs.execute("update history set hide = 'O' where title = ? and id = ?", [name, num])
+            curs.execute(db_change("update history set hide = 'O' where title = ? and id = ?"), [name, num])
             
         conn.commit()
     

route/give_user_ban.py

@@ -4,7 +4,7 @@ def give_user_ban_2(conn, name):
     curs = conn.cursor()
 
     if name and ip_or_user(name) == 0:
-        curs.execute("select acl from user where id = ?", [name])
+        curs.execute(db_change("select acl from user where id = ?"), [name])
         user = curs.fetchall()
         if not user:
             return re_error('/error/2')
@@ -49,7 +49,7 @@ def give_user_ban_2(conn, name):
         if admin_check(1) != 1:
             return re_error('/error/3')
 
-        curs.execute("select end, why from ban where block = ?", [name])
+        curs.execute(db_change("select end, why from ban where block = ?"), [name])
         end = curs.fetchall()
         if end:
             main_name = name
@@ -61,7 +61,7 @@ def give_user_ban_2(conn, name):
             else:
                 data = '<ul><li>' + load_lang('period') + ' : ' + end[0][0] + '</li>'
                 
-            curs.execute("select block from ban where block = ? and login = 'O'", [name])
+            curs.execute(db_change("select block from ban where block = ? and login = 'O'"), [name])
             if curs.fetchall():
                 data += '<li>' + load_lang('login_able') + '</li>'
 

route/give_user_check.py

@@ -3,7 +3,7 @@ from .tool.func import *
 def give_user_check_2(conn, name):
     curs = conn.cursor()
 
-    curs.execute("select acl from user where id = ? or id = ?", [name, flask.request.args.get('plus', '-')])
+    curs.execute(db_change("select acl from user where id = ? or id = ?"), [name, flask.request.args.get('plus', '-')])
     user = curs.fetchall()
     if user and user[0][0] != 'user':
         if admin_check() != 1:
@@ -23,21 +23,21 @@ def give_user_check_2(conn, name):
     
         if ip_or_user(name) == 1:
             if ip_or_user(flask.request.args.get('plus', None)) == 1:
-                curs.execute("select name, ip, ua, today from ua_d where ip = ? or ip = ? order by today desc limit ?, '50'", [name, flask.request.args.get('plus', None), sql_num])
+                curs.execute(db_change("select name, ip, ua, today from ua_d where ip = ? or ip = ? order by today desc limit ?, '50'"), [name, flask.request.args.get('plus', None), sql_num])
             else:
-                curs.execute("select name, ip, ua, today from ua_d where ip = ? or name = ? order by today desc limit ?, '50'", [name, flask.request.args.get('plus', None), sql_num])
+                curs.execute(db_change("select name, ip, ua, today from ua_d where ip = ? or name = ? order by today desc limit ?, '50'"), [name, flask.request.args.get('plus', None), sql_num])
         else:
             if ip_or_user(flask.request.args.get('plus', None)) == 1:
-                curs.execute("select name, ip, ua, today from ua_d where name = ? or ip = ? order by today desc limit ?, '50'", [name, flask.request.args.get('plus', None), sql_num])
+                curs.execute(db_change("select name, ip, ua, today from ua_d where name = ? or ip = ? order by today desc limit ?, '50'"), [name, flask.request.args.get('plus', None), sql_num])
             else:
-                curs.execute("select name, ip, ua, today from ua_d where name = ? or name = ? order by today desc limit ?, '50'", [name, flask.request.args.get('plus', None), sql_num])
+                curs.execute(db_change("select name, ip, ua, today from ua_d where name = ? or name = ? order by today desc limit ?, '50'"), [name, flask.request.args.get('plus', None), sql_num])
     else:
         end_check = 0
         
         if ip_or_user(name) == 1:
-            curs.execute("select name, ip, ua, today from ua_d where ip = ? order by today desc limit ?, '50'", [name, sql_num])
+            curs.execute(db_change("select name, ip, ua, today from ua_d where ip = ? order by today desc limit ?, '50'"), [name, sql_num])
         else:
-            curs.execute("select name, ip, ua, today from ua_d where name = ? order by today desc limit ?, '50'", [name, sql_num])
+            curs.execute(db_change("select name, ip, ua, today from ua_d where name = ? order by today desc limit ?, '50'"), [name, sql_num])
     
     record = curs.fetchall()
     if record:

route/inter_wiki.py

@@ -12,7 +12,7 @@ def inter_wiki_2(conn, tools):
         title = load_lang('interwiki_list')
         div = ''
 
-        curs.execute('select title, link from inter')
+        curs.execute(db_change('select title, link from inter'))
     elif tools == 'email_filter':
         del_link = 'del_email_filter'
         plus_link = 'plus_email_filter'
@@ -27,49 +27,49 @@ def inter_wiki_2(conn, tools):
                 </ul>
                 '''
 
-        curs.execute("select html from html_filter where kind = 'email'")
+        curs.execute(db_change("select html from html_filter where kind = 'email'"))
     elif tools == 'name_filter':
         del_link = 'del_name_filter'
         plus_link = 'plus_name_filter'
         title = load_lang('id_filter_list')
         div = ''
 
-        curs.execute("select html from html_filter where kind = 'name'")
+        curs.execute(db_change("select html from html_filter where kind = 'name'"))
     elif tools == 'edit_filter':
         del_link = 'del_edit_filter'
         plus_link = 'manager/9'
         title = load_lang('edit_filter_list')
         div = ''
 
-        curs.execute("select name from filter")
+        curs.execute(db_change("select name from filter"))
     elif tools == 'file_filter':
         del_link = 'del_file_filter'
         plus_link = 'plus_file_filter'
         title = load_lang('file_filter_list')
         div = ''
 
-        curs.execute("select html from html_filter where kind = 'file'")
+        curs.execute(db_change("select html from html_filter where kind = 'file'"))
     elif tools == 'file_filter':
         del_link = 'del_file_filter'
         plus_link = 'plus_file_filter'
         title = load_lang('file_filter_list')
         div = ''
 
-        curs.execute("select html from html_filter where kind = 'file'")  
+        curs.execute(db_change("select html from html_filter where kind = 'file'"))  
     elif tools == 'image_license':
         del_link = 'del_image_license'
         plus_link = 'plus_image_license'
         title = load_lang('image_license_list')
         div = ''
 
-        curs.execute("select html from html_filter where kind = 'image_license'")  
+        curs.execute(db_change("select html from html_filter where kind = 'image_license'"))  
     else:
         del_link = 'del_edit_top'
         plus_link = 'plus_edit_top'
         title = load_lang('edit_tool_list')
         div = ''
 
-        curs.execute("select html, plus from html_filter where kind = 'edit_top'")
+        curs.execute(db_change("select html, plus from html_filter where kind = 'edit_top'"))
 
     db_data = curs.fetchall()
     if db_data:

route/inter_wiki_del.py

@@ -5,19 +5,19 @@ def inter_wiki_del_2(conn, tools, name):
     
     if admin_check(None, tools) == 1:
         if tools == 'del_inter_wiki':
-            curs.execute("delete from inter where title = ?", [name])
+            curs.execute(db_change("delete from inter where title = ?"), [name])
         elif tools == 'del_edit_filter':
-            curs.execute("delete from filter where name = ?", [name])
+            curs.execute(db_change("delete from filter where name = ?"), [name])
         elif tools == 'del_name_filter':
-            curs.execute("delete from html_filter where html = ? and kind = 'name'", [name])
+            curs.execute(db_change("delete from html_filter where html = ? and kind = 'name'"), [name])
         elif tools == 'del_file_filter':
-            curs.execute("delete from html_filter where html = ? and kind = 'file'", [name])
+            curs.execute(db_change("delete from html_filter where html = ? and kind = 'file'"), [name])
         elif tools == 'del_email_filter':
-            curs.execute("delete from html_filter where html = ? and kind = 'email'", [name])
+            curs.execute(db_change("delete from html_filter where html = ? and kind = 'email'"), [name])
         elif tools == 'del_image_license':
-            curs.execute("delete from html_filter where html = ? and kind = 'image_license'", [name])    
+            curs.execute(db_change("delete from html_filter where html = ? and kind = 'image_license'"), [name])    
         else:
-            curs.execute("delete from html_filter where html = ? and kind = 'edit_top'", [name])
+            curs.execute(db_change("delete from html_filter where html = ? and kind = 'edit_top'"), [name])
         
         conn.commit()
 

route/inter_wiki_plus.py

@@ -5,7 +5,7 @@ def inter_wiki_plus_2(conn, tools, name):
     
     if flask.request.method == 'POST':
         if tools == 'plus_inter_wiki':
-            curs.execute('insert into inter (title, link, icon) values (?, ?, ?)', [
+            curs.execute(db_change('insert into inter (title, link, icon) values (?, ?, ?)'), [
                 flask.request.form.get('title', None), 
                 flask.request.form.get('link', None),
                 flask.request.form.get('icon', None)
@@ -24,11 +24,11 @@ def inter_wiki_plus_2(conn, tools, name):
             try:
                 re.compile(flask.request.form.get('content', 'test'))
 
-                curs.execute("select name from filter where name = ?", [name])
+                curs.execute(db_change("select name from filter where name = ?"), [name])
                 if curs.fetchall():
-                    curs.execute("update filter set regex = ?, sub = ? where name = ?", [flask.request.form.get('content', 'test'), end, name])
+                    curs.execute(db_change("update filter set regex = ?, sub = ? where name = ?"), [flask.request.form.get('content', 'test'), end, name])
                 else:
-                    curs.execute("insert into filter (name, regex, sub) values (?, ?, ?)", [name, flask.request.form.get('content', 'test'), end])
+                    curs.execute(db_change("insert into filter (name, regex, sub) values (?, ?, ?)"), [name, flask.request.form.get('content', 'test'), end])
             except:
                 return re_error('/error/23')                
         else:
@@ -66,7 +66,7 @@ def inter_wiki_plus_2(conn, tools, name):
                 type_d = 'edit_top'
                 plus_d = flask.request.form.get('markup', 'test')
             
-            curs.execute('insert into html_filter (html, kind, plus) values (?, ?, ?)', [flask.request.form.get('title', 'test'), type_d, plus_d])
+            curs.execute(db_change('insert into html_filter (html, kind, plus) values (?, ?, ?)'), [flask.request.form.get('title', 'test'), type_d, plus_d])
         
         conn.commit()
     
@@ -87,7 +87,7 @@ def inter_wiki_plus_2(conn, tools, name):
                 <input placeholder="''' + load_lang('icon') + ''' (HTML)" type="text" name="icon">
             '''
         elif tools == 'plus_edit_filter':
-            curs.execute("select regex, sub from filter where name = ?", [name])
+            curs.execute(db_change("select regex, sub from filter where name = ?"), [name])
             exist = curs.fetchall()
             if exist:
                 textarea = exist[0][0]

route/list_acl.py

@@ -13,7 +13,7 @@ def list_acl_2(conn):
                     <td id="main_table_width_quarter">''' + load_lang('view_acl') + '''</td>
     '''
     
-    curs.execute("select title, decu, dis, view, why from acl where decu != '' or dis != '' or view != '' order by title desc")
+    curs.execute(db_change("select title, decu, dis, view, why from acl where decu != '' or dis != '' or view != '' order by title desc"))
     list_data = curs.fetchall()
     for data in list_data:
         if not re.search('^user:', data[0]) and not re.search('^file:', data[0]):

route/list_admin.py

@@ -5,7 +5,7 @@ def list_admin_2(conn):
 
     div = '<ul>'
     
-    curs.execute("select id, acl, date from user where not acl = 'user' order by date desc")
+    curs.execute(db_change("select id, acl, date from user where not acl = 'user' order by date desc"))
     for data in curs.fetchall():
         name = ip_pas(data[0]) + ' <a href="/admin_plus/' + url_pas(data[1]) + '">(' + data[1] + ')</a>'
         

route/list_admin_use.py

@@ -15,9 +15,9 @@ def list_admin_use_2(conn):
         list_data = '<ul>'
 
         if flask.request.args.get('search', 'normal') == 'normal':
-            curs.execute("select who, what, time from re_admin order by time desc limit ?, '50'", [str(sql_num)])
+            curs.execute(db_change("select who, what, time from re_admin order by time desc limit ?, '50'"), [str(sql_num)])
         else:
-            curs.execute("select who, what, time from re_admin where what like ? order by time desc limit ?, '50'", [
+            curs.execute(db_change("select who, what, time from re_admin where what like ? order by time desc limit ?, '50'"), [
                 flask.request.args.get('search', 'normal') + "%",
                 str(sql_num)
             ])

route/list_block.py

@@ -21,7 +21,7 @@ def list_block_2(conn, name, tool):
     
     data_list = ''
 
-    curs.execute("delete from ban where (end < ? and end like '2%')", [get_time()])
+    curs.execute(db_change("delete from ban where (end < ? and end like '2%')"), [get_time()])
     conn.commit()
     
     if not name:        
@@ -29,7 +29,7 @@ def list_block_2(conn, name, tool):
             sub = ' (' + load_lang('in_progress') + ')'
             menu = [['block_log', load_lang('normal')]]
 
-            curs.execute("select why, block, '', end, '', band from ban where ((end > ? and end like '2%') or end = '') order by end desc limit ?, '50'", [get_time(), str(sql_num)])
+            curs.execute(db_change("select why, block, '', end, '', band from ban where ((end > ? and end like '2%') or end = '') order by end desc limit ?, '50'"), [get_time(), str(sql_num)])
         else:
             sub = 0
             menu = 0
@@ -39,18 +39,18 @@ def list_block_2(conn, name, tool):
                 <hr class=\"main_hr\">
             ''' + div
             
-            curs.execute("select why, block, blocker, end, today, band from rb order by today desc limit ?, '50'", [str(sql_num)])
+            curs.execute(db_change("select why, block, blocker, end, today, band from rb order by today desc limit ?, '50'"), [str(sql_num)])
     else:
         menu = [['block_log', load_lang('normal')]]
         
         if tool == 'block_user':
             sub = ' (' + load_lang('blocked') + ')'
             
-            curs.execute("select why, block, blocker, end, today, band from rb where block = ? order by today desc limit ?, '50'", [name, str(sql_num)])
+            curs.execute(db_change("select why, block, blocker, end, today, band from rb where block = ? order by today desc limit ?, '50'"), [name, str(sql_num)])
         else:
             sub = ' (' + load_lang('admin') + ')'
             
-            curs.execute("select why, block, blocker, end, today, band from rb where blocker = ? order by today desc limit ?, '50'", [name, str(sql_num)])
+            curs.execute(db_change("select why, block, blocker, end, today, band from rb where blocker = ? order by today desc limit ?, '50'"), [name, str(sql_num)])
 
     if data_list == '':
         data_list = curs.fetchall()

route/list_give.py

@@ -6,7 +6,7 @@ def list_give_2(conn):
     list_data = '<ul>'
     back = ''
 
-    curs.execute("select distinct name from alist order by name asc")
+    curs.execute(db_change("select distinct name from alist order by name asc"))
     for data in curs.fetchall():                      
         if back != data[0]:
             back = data[0]

route/list_not_close_topic.py

@@ -5,7 +5,7 @@ def list_not_close_topic_2(conn):
 
     div = '<ul>'
     
-    curs.execute('select title, sub from rd where stop != "O" order by date desc')
+    curs.execute(db_change('select title, sub from rd where stop != "O" order by date desc'))
     n_list = curs.fetchall()
     for data in n_list:
         div += '<li><a href="/topic/' + url_pas(data[0]) + '/sub/' + url_pas(data[1]) + '">' + html.escape(data[0]) + ' (' + data[1] + ')</a></li>'

route/list_old_page.py

@@ -11,7 +11,7 @@ def list_old_page_2(conn):
 
     div = '<ul>'
     
-    curs.execute('' + \
+    curs.execute(db_change('' + \
         'select title, date from history h ' + \
         "where title not like 'user:%' and title not like 'category:%' and title not like 'file:%' and " + \
         "exists (select title from data where title = h.title) " + \
@@ -19,7 +19,7 @@ def list_old_page_2(conn):
         'group by title ' + \
         'order by date asc ' + \
         'limit ?, "50"' + \
-    '', [str(sql_num)])
+    ''), [str(sql_num)])
     n_list = curs.fetchall()
     for data in n_list:
         div += '<li><a href="/w/' + url_pas(data[0]) + '">' + html.escape(data[0]) + '</a> (' + re.sub(' .*$', '', data[1]) + ')</li>'

route/list_please.py

@@ -11,7 +11,7 @@ def list_please_2(conn):
         
     div = '<ul>'
     
-    curs.execute("select distinct title from back where type = 'no' order by title asc limit ?, '50'", [str(sql_num)])
+    curs.execute(db_change("select distinct title from back where type = 'no' order by title asc limit ?, '50'"), [str(sql_num)])
     data_list = curs.fetchall()
     for data in data_list:
         div += '<li><a id="not_thing" href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a></li>'   

route/list_title_index.py

@@ -17,7 +17,7 @@ def list_title_index_2(conn):
 
     data = '<a href="/title_index?num=250">(250)</a> <a href="/title_index?num=500">(500)</a> <a href="/title_index?num=1000">(1000)</a>'
 
-    curs.execute("select title from data order by title asc limit ?, ?", [str(sql_num), str(num)])
+    curs.execute(db_change("select title from data order by title asc limit ?, ?"), [str(sql_num), str(num)])
     title_list = curs.fetchall()
     if title_list:
         data += '<hr class=\"main_hr\"><ul>'
@@ -29,10 +29,10 @@ def list_title_index_2(conn):
     if page == 1:
         count_end = []
 
-        curs.execute('select data from other where name = "count_all_title"')
+        curs.execute(db_change('select data from other where name = "count_all_title"'))
         all_title = curs.fetchall()
         if int(all_title[0][0]) < 50000:
-            curs.execute("select count(title) from data")
+            curs.execute(db_change("select count(title) from data"))
             count = curs.fetchall()
             if count:
                 count_end += [count[0][0]]
@@ -41,7 +41,7 @@ def list_title_index_2(conn):
 
             sql_list = ['category:', 'user:', 'file:']
             for sql in sql_list:
-                curs.execute("select count(title) from data where title like ?", [sql + '%'])
+                curs.execute(db_change("select count(title) from data where title like ?"), [sql + '%'])
                 count = curs.fetchall()
                 if count:
                     count_end += [count[0][0]]

route/list_user.py

@@ -13,11 +13,11 @@ def list_user_2(conn):
 
     admin_one = admin_check(1)
     
-    curs.execute("select id, date from user order by date desc limit ?, '50'", [str(sql_num)])
+    curs.execute(db_change("select id, date from user order by date desc limit ?, '50'"), [str(sql_num)])
     user_list = curs.fetchall()
     for data in user_list:
         if admin_one == 1:
-            curs.execute("select block from ban where block = ?", [data[0]])
+            curs.execute(db_change("select block from ban where block = ?"), [data[0]])
             if curs.fetchall():
                 ban_button = ' <a href="/ban/' + url_pas(data[0]) + '">(' + load_lang('ban_release') + ')</a>'
             else:

route/list_user_topic.py

@@ -21,14 +21,14 @@ def list_user_topic_2(conn, name):
                     </tr>
             '''
     
-    curs.execute("select title, id, sub, ip, date from topic where ip = ? order by date desc limit ?, '50'", [name, str(sql_num)])
+    curs.execute(db_change("select title, id, sub, ip, date from topic where ip = ? order by date desc limit ?, '50'"), [name, str(sql_num)])
     data_list = curs.fetchall()
     for data in data_list:
         title = html.escape(data[0])
         sub = html.escape(data[2])
         
         if one_admin == 1:
-            curs.execute("select * from ban where block = ?", [data[3]])
+            curs.execute(db_change("select * from ban where block = ?"), [data[3]])
             if curs.fetchall():
                 ban = ' <a href="/ban/' + url_pas(data[3]) + '">(' + load_lang('release') + ')</a>'
             else:
@@ -42,7 +42,7 @@ def list_user_topic_2(conn, name):
     div += '</tbody></table>'
     div += next_fix('/topic_record/' + url_pas(name) + '?num=', num, data_list)      
     
-    curs.execute("select end from ban where block = ?", [name])
+    curs.execute(db_change("select end from ban where block = ?"), [name])
     if curs.fetchall():
         sub = ' (' + load_lang('blocked') + ')'
     else:

route/login.py

@@ -18,7 +18,7 @@ def login_2(conn):
             
         agent = flask.request.headers.get('User-Agent')
 
-        curs.execute("select pw, encode from user where id = ?", [flask.request.form.get('id', None)])
+        curs.execute(db_change("select pw, encode from user where id = ?"), [flask.request.form.get('id', None)])
         user = curs.fetchall()
         if not user:
             return re_error('/error/2')
@@ -35,14 +35,14 @@ def login_2(conn):
         flask.session['state'] = 1
         flask.session['id'] = flask.request.form.get('id', None)
         
-        curs.execute("select css from custom where user = ?", [flask.request.form.get('id', None)])
+        curs.execute(db_change("select css from custom where user = ?"), [flask.request.form.get('id', None)])
         css_data = curs.fetchall()
         if css_data:
             flask.session['head'] = css_data[0][0]
         else:
             flask.session['head'] = ''
 
-        curs.execute("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')", [flask.request.form.get('id', None), ip_check(1), agent, get_time()])
+        curs.execute(db_change("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')"), [flask.request.form.get('id', None), ip_check(1), agent, get_time()])
 
         conn.commit()
         

route/login_check_key.py

@@ -8,7 +8,7 @@ def login_check_key_2(conn, tool):
             if 'c_id' in flask.session and flask.session['c_key'] == flask.request.form.get('key', None):
                 hashed = pw_encode(flask.session['c_key'])
 
-                curs.execute("update user set pw = ? where id = ?", [hashed, flask.session['c_id']])
+                curs.execute(db_change("update user set pw = ? where id = ?"), [hashed, flask.session['c_id']])
                 conn.commit()
 
                 d_id = flask.session['c_id']
@@ -17,7 +17,7 @@ def login_check_key_2(conn, tool):
                 flask.session.pop('c_id', None)
                 flask.session.pop('c_key', None)
 
-                curs.execute('select data from other where name = "reset_user_text"')
+                curs.execute(db_change('select data from other where name = "reset_user_text"'))
                 sql_d = curs.fetchall()
                 if sql_d and sql_d[0][0] != '':
                     b_text = sql_d[0][0] + '<hr class=\"main_hr\">'
@@ -35,13 +35,13 @@ def login_check_key_2(conn, tool):
             ip = ip_check()
             
             if 'c_id' in flask.session and flask.session['c_key'] == flask.request.form.get('key', None):
-                curs.execute('select data from other where name = "encode"')
+                curs.execute(db_change('select data from other where name = "encode"'))
                 db_data = curs.fetchall()
                 
                 if tool == 'check_key':
-                    curs.execute("select id from user limit 1")
+                    curs.execute(db_change("select id from user limit 1"))
                     if not curs.fetchall():
-                        curs.execute("insert into user (id, pw, acl, date, encode) values (?, ?, 'owner', ?, ?)", [
+                        curs.execute(db_change("insert into user (id, pw, acl, date, encode) values (?, ?, 'owner', ?, ?)"), [
                             flask.session['c_id'], 
                             flask.session['c_pw'], 
                             get_time(), 
@@ -50,7 +50,7 @@ def login_check_key_2(conn, tool):
     
                         first = 1
                     else:
-                        curs.execute("insert into user (id, pw, acl, date, encode) values (?, ?, 'user', ?, ?)", [
+                        curs.execute(db_change("insert into user (id, pw, acl, date, encode) values (?, ?, 'user', ?, ?)"), [
                             flask.session['c_id'], 
                             flask.session['c_pw'], 
                             get_time(), 
@@ -61,11 +61,11 @@ def login_check_key_2(conn, tool):
     
                     agent = flask.request.headers.get('User-Agent')
     
-                    curs.execute("insert into user_set (name, id, data) values ('email', ?, ?)", [
+                    curs.execute(db_change("insert into user_set (name, id, data) values ('email', ?, ?)"), [
                         flask.session['c_id'], 
                         flask.session['c_email']
                     ])
-                    curs.execute("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')", [
+                    curs.execute(db_change("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')"), [
                         flask.session['c_id'], 
                         ip, 
                         agent, 
@@ -78,8 +78,8 @@ def login_check_key_2(conn, tool):
                             
                     conn.commit()
                 else:
-                    curs.execute('delete from user_set where name = "email" and id = ?', [ip])
-                    curs.execute('insert into user_set (name, id, data) values ("email", ?, ?)', [ip, flask.session['c_email']])
+                    curs.execute(db_change('delete from user_set where name = "email" and id = ?'), [ip])
+                    curs.execute(db_change('insert into user_set (name, id, data) values ("email", ?, ?)'), [ip, flask.session['c_email']])
                     
                     first = 0
                           
@@ -100,7 +100,7 @@ def login_check_key_2(conn, tool):
 
                 return redirect('/user')
     else:
-        curs.execute('select data from other where name = "check_key_text"')
+        curs.execute(db_change('select data from other where name = "check_key_text"'))
         sql_d = curs.fetchall()
         if sql_d and sql_d[0][0] != '':
             b_text = sql_d[0][0] + '<hr class=\"main_hr\">'

route/login_need_email.py

@@ -5,7 +5,7 @@ def login_need_email_2(conn, tool):
 
     if flask.request.method == 'POST':
         if tool == 'pass_find':
-            curs.execute("select id from user_set where id = ? and name = 'email' and data = ?", [
+            curs.execute(db_change("select id from user_set where id = ? and name = 'email' and data = ?"), [
                 flask.request.form.get('id', ''),
                 flask.request.form.get('email', '')
             ])
@@ -13,14 +13,14 @@ def login_need_email_2(conn, tool):
                 flask.session['c_key'] = ''.join(random.choice("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ") for i in range(16))
                 flask.session['c_id'] = flask.request.form.get('id', '')
 
-                curs.execute('select data from other where name = "email_title"')
+                curs.execute(db_change('select data from other where name = "email_title"'))
                 sql_d = curs.fetchall()
                 if sql_d and sql_d[0][0] != '':
                     t_text = html.escape(sql_d[0][0])
                 else:
                     t_text = wiki_set()[0] + ' key'
 
-                curs.execute('select data from other where name = "email_text"')
+                curs.execute(db_change('select data from other where name = "email_text"'))
                 sql_d = curs.fetchall()
                 if sql_d and sql_d[0][0] != '':
                     i_text = html.escape(sql_d[0][0]) + '\n\nKey : ' + flask.session['c_key']
@@ -44,9 +44,9 @@ def login_need_email_2(conn, tool):
                 if data:
                     data = data.groups()[0]
 
-                    curs.execute("select html from html_filter where html = ? and kind = 'email'", [data])
+                    curs.execute(db_change("select html from html_filter where html = ? and kind = 'email'"), [data])
                     if curs.fetchall() or (data in main_email):
-                        curs.execute('select id from user_set where name = "email" and data = ?', [flask.request.form.get('email', '')])
+                        curs.execute(db_change('select id from user_set where name = "email" and data = ?'), [flask.request.form.get('email', '')])
                         if curs.fetchall():
                             flask.session.pop('c_id', None)
                             flask.session.pop('c_pw', None)
@@ -55,14 +55,14 @@ def login_need_email_2(conn, tool):
                             # user 대신 오류 화면 보여주게 수정 필요
                             return redirect('/user')
                         else:
-                            curs.execute('select data from other where name = "email_title"')
+                            curs.execute(db_change('select data from other where name = "email_title"'))
                             sql_d = curs.fetchall()
                             if sql_d and sql_d[0][0] != '':
                                 t_text = html.escape(sql_d[0][0])
                             else:
                                 t_text = wiki_set()[0] + ' key'
 
-                            curs.execute('select data from other where name = "email_text"')
+                            curs.execute(db_change('select data from other where name = "email_text"'))
                             sql_d = curs.fetchall()
                             if sql_d and sql_d[0][0] != '':
                                 i_text = html.escape(sql_d[0][0]) + '\n\nKey : ' + flask.session['c_key']
@@ -82,7 +82,7 @@ def login_need_email_2(conn, tool):
             return redirect('/user')
     else:
         if tool == 'pass_find':
-            curs.execute('select data from other where name = "password_search_text"')
+            curs.execute(db_change('select data from other where name = "password_search_text"'))
             sql_d = curs.fetchall()
             if sql_d and sql_d[0][0] != '':
                 b_text = sql_d[0][0] + '<hr class=\"main_hr\">'
@@ -103,7 +103,7 @@ def login_need_email_2(conn, tool):
                 menu = [['user', load_lang('return')]]
             ))
         else:
-            curs.execute('select data from other where name = "email_insert_text"')
+            curs.execute(db_change('select data from other where name = "email_insert_text"'))
             sql_d = curs.fetchall()
             if sql_d and sql_d[0][0] != '':
                 b_text = sql_d[0][0] + '<hr class=\"main_hr\">'

route/login_oauth.py

@@ -205,10 +205,10 @@ def login_oauth_2(conn, platform, func):
             }
         
         if flask.session['referrer'][0:6] == 'change':
-            curs.execute('select * from oauth_conn where wiki_id = ? and provider = ?', [flask.session['id'], platform])
+            curs.execute(db_change('select * from oauth_conn where wiki_id = ? and provider = ?'), [flask.session['id'], platform])
             oauth_result = curs.fetchall()
             if len(oauth_result) == 0:
-                curs.execute('insert into oauth_conn (provider, wiki_id, sns_id, name, picture) values(?, ?, ?, ?, ?)', [
+                curs.execute(db_change('insert into oauth_conn (provider, wiki_id, sns_id, name, picture) values(?, ?, ?, ?, ?)'), [
                     platform, 
                     flask.session['id'], 
                     stand_json['id'], 
@@ -216,7 +216,7 @@ def login_oauth_2(conn, platform, func):
                     stand_json['picture']
                 ])
             else:
-                curs.execute('update oauth_conn set name = ? picture = ? where wiki_id = ?', [
+                curs.execute(db_change('update oauth_conn set name = ? picture = ? where wiki_id = ?'), [
                     stand_json['name'], 
                     stand_json['picture'], 
                     flask.session['id']
@@ -224,7 +224,7 @@ def login_oauth_2(conn, platform, func):
 
             conn.commit()
         elif flask.session['referrer'][0:5] == 'login':
-            curs.execute('select * from oauth_conn where provider = ? and sns_id = ?', [platform, stand_json['id']])
+            curs.execute(db_change('select * from oauth_conn where provider = ? and sns_id = ?'), [platform, stand_json['id']])
             curs_result = curs.fetchall()
             if len(curs_result) == 0:
                 return re_error('/error/2')

route/login_pw_change.py

@@ -15,7 +15,7 @@ def login_pw_change_2(conn):
             if flask.request.form.get('pw2', None) != flask.request.form.get('pw3', None):
                 return re_error('/error/20')
 
-            curs.execute("select pw, encode from user where id = ?", [flask.session['id']])
+            curs.execute(db_change("select pw, encode from user where id = ?"), [flask.session['id']])
             user = curs.fetchall()
             if not user:
                 return re_error('/error/2')
@@ -31,7 +31,7 @@ def login_pw_change_2(conn):
 
             hashed = pw_encode(flask.request.form.get('pw2', None))
                 
-            curs.execute("update user set pw = ? where id = ?", [hashed, ip])
+            curs.execute(db_change("update user set pw = ? where id = ?"), [hashed, ip])
 
             return redirect('/user')
     else:

route/login_register.py

@@ -11,7 +11,7 @@ def login_register_2(conn):
         return redirect('/user')
 
     if not admin_check() == 1:
-        curs.execute('select data from other where name = "reg"')
+        curs.execute(db_change('select data from other where name = "reg"'))
         set_d = curs.fetchall()
         if set_d and set_d[0][0] == 'on':
             return re_error('/ban')
@@ -31,7 +31,7 @@ def login_register_2(conn):
         if re.search('(?:[^A-Za-zㄱ-힣0-9 ])', flask.request.form.get('id', None)):
             return re_error('/error/8')
             
-        curs.execute('select html from html_filter where kind = "name"')
+        curs.execute(db_change('select html from html_filter where kind = "name"'))
         set_d = curs.fetchall()
         for i in set_d:
             check_r = re.compile(i[0], re.I)
@@ -41,13 +41,13 @@ def login_register_2(conn):
         if len(flask.request.form.get('id', None)) > 32:
             return re_error('/error/7')
 
-        curs.execute("select id from user where id = ?", [flask.request.form.get('id', None)])
+        curs.execute(db_change("select id from user where id = ?"), [flask.request.form.get('id', None)])
         if curs.fetchall():
             return re_error('/error/6')
 
         hashed = pw_encode(flask.request.form.get('pw', None))
         
-        curs.execute('select data from other where name = "email_have"')
+        curs.execute(db_change('select data from other where name = "email_have"'))
         sql_data = curs.fetchall()
         if sql_data and sql_data[0][0] != '':
             flask.session['c_id'] = flask.request.form.get('id', None)
@@ -56,23 +56,23 @@ def login_register_2(conn):
 
             return redirect('/need_email')
         else:
-            curs.execute('select data from other where name = "encode"')
+            curs.execute(db_change('select data from other where name = "encode"'))
             db_data = curs.fetchall()
 
-            curs.execute("select id from user limit 1")
+            curs.execute(db_change("select id from user limit 1"))
             if not curs.fetchall():
-                curs.execute("insert into user (id, pw, acl, date, encode) values (?, ?, 'owner', ?, ?)", [flask.request.form.get('id', None), hashed, get_time(), db_data[0][0]])
+                curs.execute(db_change("insert into user (id, pw, acl, date, encode) values (?, ?, 'owner', ?, ?)"), [flask.request.form.get('id', None), hashed, get_time(), db_data[0][0]])
 
                 first = 1
             else:
-                curs.execute("insert into user (id, pw, acl, date, encode) values (?, ?, 'user', ?, ?)", [flask.request.form.get('id', None), hashed, get_time(), db_data[0][0]])
+                curs.execute(db_change("insert into user (id, pw, acl, date, encode) values (?, ?, 'user', ?, ?)"), [flask.request.form.get('id', None), hashed, get_time(), db_data[0][0]])
 
                 first = 0
 
             ip = ip_check()
             agent = flask.request.headers.get('User-Agent')
 
-            curs.execute("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')", [flask.request.form.get('id', None), ip, agent, get_time()])  
+            curs.execute(db_change("insert into ua_d (name, ip, ua, today, sub) values (?, ?, ?, ?, '')"), [flask.request.form.get('id', None), ip, agent, get_time()])  
 
             flask.session['state'] = 1
             flask.session['id'] = flask.request.form.get('id', None)
@@ -87,7 +87,7 @@ def login_register_2(conn):
     else:        
         contract = ''
         
-        curs.execute('select data from other where name = "contract"')
+        curs.execute(db_change('select data from other where name = "contract"'))
         data = curs.fetchall()
         if data and data[0][0] != '':
             contract = data[0][0] + '<hr class=\"main_hr\">'

route/main_skin_set.py

@@ -5,12 +5,12 @@ def main_skin_set_2(conn):
     
     data = flask.make_response(re_error('/error/5'))
 
-    curs.execute("select data from other where name = 'language'")
+    curs.execute(db_change("select data from other where name = 'language'"))
     main_data = curs.fetchall()
 
     data.set_cookie('language', main_data[0][0])
 
-    curs.execute('select data from user_set where name = "lang" and id = ?', [ip_check()])
+    curs.execute(db_change('select data from user_set where name = "lang" and id = ?'), [ip_check()])
     user_data = curs.fetchall()
     if user_data:
         data.set_cookie('user_language', user_data[0][0])

route/recent_changes.py

@@ -40,19 +40,19 @@ def recent_changes_2(conn, name, tool):
                 # 기본적인 move만 구현
                 tool_select = flask.request.args.get('tool', None)
                 if tool_select and tool_select == 'move':
-                    curs.execute('' + \
+                    curs.execute(db_change('' + \
                         'select id, title, date, ip, send, leng from history ' + \
                         'where send like ? or send like ? ' + \
                         'order by id + 0 desc ' + \
                         "limit ?, '50'" + \
-                    '', ['%(<a>' + name +'</a>%', '%<a>' + name + '</a> move)', str(sql_num)])
+                    ''), ['%(<a>' + name +'</a>%', '%<a>' + name + '</a> move)', str(sql_num)])
                 else:
-                    curs.execute('' + \
+                    curs.execute(db_change('' + \
                         'select id, title, date, ip, send, leng from history ' + \
                         'where title = ? ' + \
                         'order by id + 0 desc ' + \
                         "limit ?, '50'" + \
-                    '', [name, str(sql_num)])
+                    ''), [name, str(sql_num)])
             else:
                 div +=  '''
                         <td id="main_table_width">''' + load_lang('document_name') + '''</td>
@@ -63,7 +63,7 @@ def recent_changes_2(conn, name, tool):
 
                 div = '<a href="/topic_record/' + url_pas(name) + '">(' + load_lang('discussion') + ')</a><hr class=\"main_hr\">' + div
                 
-                curs.execute("select id, title, date, ip, send, leng from history where ip = ? order by date desc limit ?, '50'", [name, str(sql_num)])
+                curs.execute(db_change("select id, title, date, ip, send, leng from history where ip = ? order by date desc limit ?, '50'"), [name, str(sql_num)])
         else:
             num = int(number_check(flask.request.args.get('num', '1')))
             if num * 50 > 0:
@@ -82,12 +82,12 @@ def recent_changes_2(conn, name, tool):
             if set_user == 'normal':
                 div = '<a href="?set=user">(' + load_lang('user_document') + ')</a>' + div
 
-            curs.execute('' + \
+            curs.execute(db_change('' + \
                 'select id, title, date, ip, send, leng from history ' + \
                 "where " + ('' if set_user == 'user' else 'not ') + "title like 'user:%' " + \
                 'order by date desc ' + \
                 'limit ?, 50' + \
-            '', [str(sql_num)])
+            ''), [str(sql_num)])
 
         data_list = curs.fetchall()
         for data in data_list:    
@@ -114,10 +114,10 @@ def recent_changes_2(conn, name, tool):
             style = ['', '']
             date = data[2]
 
-            curs.execute('''
+            curs.execute(db_change('''
                 select title from history
                 where title = ? and id = ? and hide = 'O'
-            ''', [data[1], data[0]])
+            '''), [data[1], data[0]])
             hide = curs.fetchall()
             
             if six_admin == 1:
@@ -187,7 +187,7 @@ def recent_changes_2(conn, name, tool):
                 
                 div += next_fix('/history/' + url_pas(name) + '?num=', num, data_list)
             else:
-                curs.execute("select end from ban where block = ?", [name])
+                curs.execute(db_change("select end from ban where block = ?"), [name])
                 if curs.fetchall():
                     sub += ' (' + load_lang('blocked') + ')'
 

route/recent_discuss.py

@@ -25,9 +25,9 @@ def recent_discuss_2(conn):
             '''
     
     if m_sub == 0:
-        curs.execute("select title, sub, date from rd where not stop = 'O' order by date desc limit 50")
+        curs.execute(db_change("select title, sub, date from rd where not stop = 'O' order by date desc limit 50"))
     else:
-        curs.execute("select title, sub, date from rd where stop = 'O' order by date desc limit 50")
+        curs.execute(db_change("select title, sub, date from rd where stop = 'O' order by date desc limit 50"))
         
     for data in curs.fetchall():
         title = html.escape(data[0])

route/recent_history_delete.py

@@ -11,7 +11,7 @@ def recent_history_delete_2(conn, name):
     if flask.request.method == 'POST':
         admin_check(None, 'history delete r' + num)
 
-        curs.execute("delete from history where id = ? and title = ?", [num, name])
+        curs.execute(db_change("delete from history where id = ? and title = ?"), [num, name])
         conn.commit()
 
         return redirect('/history/' + url_pas(name))

route/recent_history_tool.py

@@ -34,10 +34,10 @@ def recent_history_tool_2(conn, name):
         '''
 
     if admin_check(6) == 1:
-        curs.execute('''
+        curs.execute(db_change('''
             select title from history
             where title = ? and id = ? and hide = 'O'
-        ''', [name, num])
+        '''), [name, num])
         hide = curs.fetchall()
         data += '''
             <li>

route/search_deep.py

@@ -17,7 +17,7 @@ def search_deep_2(conn, name):
     div_plus = ''
     test = ''
     
-    curs.execute("select title from data where title = ?", [name])
+    curs.execute(db_change("select title from data where title = ?"), [name])
     if curs.fetchall():
         link_id = ''
     else:
@@ -33,10 +33,10 @@ def search_deep_2(conn, name):
             <ul>
             '''
 
-    curs.execute("" + \
+    curs.execute(db_change("" + \
         "select distinct title, case when title like ? then 'title' else 'data' " + \
         "end from data where title like ? or data like ? order by case " + \
-        "when title like ? then 1 else 2 end limit ?, '50'",
+        "when title like ? then 1 else 2 end limit ?, '50'"),
         ['%' + name + '%', '%' + name + '%', '%' + name + '%', '%' + name + '%', str(sql_num)]
     )
     all_list = curs.fetchall()

route/search_goto.py

@@ -8,7 +8,7 @@ def search_goto_2(conn, name):
     else:
         data = name
 
-    curs.execute("select title from data where title = ?", [data])
+    curs.execute(db_change("select title from data where title = ?"), [data])
     t_data = curs.fetchall()
     if t_data:
         return redirect('/w/' + url_pas(data))

route/server_indexing.py

@@ -9,7 +9,7 @@ def server_indexing_2(conn):
     if flask.request.method == 'POST':
         admin_check(None, 'indexing')
 
-        curs.execute("select name from sqlite_master where type = 'index'")
+        curs.execute(db_change("select name from sqlite_master where type = 'index'"))
         data = curs.fetchall()
         if data:
             for delete_index in data:
@@ -18,13 +18,13 @@ def server_indexing_2(conn):
                 sql = 'drop index if exists ' + delete_index[0]
                 
                 try:
-                    curs.execute(sql)
+                    curs.execute(db_change(sql))
                 except:
                     pass
         else:
-            curs.execute("select name from sqlite_master where type in ('table', 'view') and name not like 'sqlite_%' union all select name from sqlite_temp_master where type in ('table', 'view') order by 1;")
+            curs.execute(db_change("select name from sqlite_master where type in ('table', 'view') and name not like 'sqlite_%' union all select name from sqlite_temp_master where type in ('table', 'view') order by 1;"))
             for table in curs.fetchall():            
-                curs.execute('select sql from sqlite_master where name = ?', [table[0]])
+                curs.execute(db_change('select sql from sqlite_master where name = ?'), [table[0]])
                 cul = curs.fetchall()
                 
                 r_cul = re.findall('(?:([^ (]*) text)', str(cul[0]))
@@ -34,7 +34,7 @@ def server_indexing_2(conn):
 
                     sql = 'create index index_' + table[0] + '_' + n_cul + ' on ' + table[0] + '(' + n_cul + ')'
                     try:
-                        curs.execute(sql)
+                        curs.execute(db_change(sql))
                     except:
                         pass
 
@@ -42,7 +42,7 @@ def server_indexing_2(conn):
         
         return redirect()  
     else:
-        curs.execute("select name from sqlite_master where type = 'index'")
+        curs.execute(db_change("select name from sqlite_master where type = 'index'"))
         data = curs.fetchall()
         if data:
             b_data = load_lang('delete')

route/server_now_update.py

@@ -9,7 +9,7 @@ def server_now_update_2(conn, r_ver):
     if flask.request.method == 'POST':
         admin_check(None, 'update')
 
-        curs.execute('select data from other where name = "update"')
+        curs.execute(db_change('select data from other where name = "update"'))
         up_data = curs.fetchall()
         if up_data:
             up_data = up_data[0][0]

route/setting.py

@@ -72,7 +72,7 @@ def setting_2(conn, num):
         
         if flask.request.method == 'POST':
             for i in i_list:
-                curs.execute("update other set data = ? where name = ?", [
+                curs.execute(db_change("update other set data = ? where name = ?"), [
                     flask.request.form.get(i_list[i], n_list[i]), 
                     i_list[i]]
                 )
@@ -86,12 +86,12 @@ def setting_2(conn, num):
             d_list = []
             
             for i in i_list:
-                curs.execute('select data from other where name = ?', [i_list[i]])
+                curs.execute(db_change('select data from other where name = ?'), [i_list[i]])
                 sql_d = curs.fetchall()
                 if sql_d:
                     d_list += [sql_d[0][0]]
                 else:
-                    curs.execute('insert into other (name, data) values (?, ?)', [i_list[i], n_list[i]])
+                    curs.execute(db_change('insert into other (name, data) values (?, ?)'), [i_list[i], n_list[i]])
                     
                     d_list += [n_list[i]]
 
@@ -229,7 +229,7 @@ def setting_2(conn, num):
         ]
         if flask.request.method == 'POST':
             for i in i_list:
-                curs.execute("update other set data = ? where name = ?", [
+                curs.execute(db_change("update other set data = ? where name = ?"), [
                     flask.request.form.get(i, ''), 
                     i
                 ])
@@ -243,12 +243,12 @@ def setting_2(conn, num):
             d_list = []
             
             for i in i_list:
-                curs.execute('select data from other where name = ?', [i])
+                curs.execute(db_change('select data from other where name = ?'), [i])
                 sql_d = curs.fetchall()
                 if sql_d:
                     d_list += [sql_d[0][0]]
                 else:
-                    curs.execute('insert into other (name, data) values (?, ?)', [i, ''])
+                    curs.execute(db_change('insert into other (name, data) values (?, ?)'), [i, ''])
                     
                     d_list += ['']
 
@@ -325,15 +325,15 @@ def setting_2(conn, num):
                 else:
                     coverage = flask.request.args.get('skin', '')
                 
-            curs.execute("select name from other where name = ? and coverage = ?", [info_d, coverage])
+            curs.execute(db_change("select name from other where name = ? and coverage = ?"), [info_d, coverage])
             if curs.fetchall():
-                curs.execute("update other set data = ? where name = ? and coverage = ?", [
+                curs.execute(db_change("update other set data = ? where name = ? and coverage = ?"), [
                     flask.request.form.get('content', ''),
                     info_d,
                     coverage
                 ])
             else:
-                curs.execute("insert into other (name, data, coverage) values (?, ?, ?)", [info_d, flask.request.form.get('content', ''), coverage])
+                curs.execute(db_change("insert into other (name, data, coverage) values (?, ?, ?)"), [info_d, flask.request.form.get('content', ''), coverage])
             
             conn.commit()
 
@@ -342,15 +342,15 @@ def setting_2(conn, num):
             return redirect('/setting/' + end_r + '?skin=' + flask.request.args.get('skin', ''))
         else:
             if num == 4:
-                curs.execute("select data from other where name = 'body'")
+                curs.execute(db_change("select data from other where name = 'body'"))
                 title = '_body'
                 start = ''
             elif num == 7:
-                curs.execute("select data from other where name = 'bottom_body'")
+                curs.execute(db_change("select data from other where name = 'bottom_body'"))
                 title = '_bottom_body'
                 start = ''
             else:
-                curs.execute("select data from other where name = 'head' and coverage = ?", [flask.request.args.get('skin', '')])
+                curs.execute(db_change("select data from other where name = 'head' and coverage = ?"), [flask.request.args.get('skin', '')])
                 title = '_head'
                 start = '<a href="?">(' + load_lang('all') + ')</a> ' + \
                 ' '.join(['<a href="?skin=' + i + '">(' + i + ')</a>' for i in load_skin('', 1)]) + \
@@ -380,11 +380,11 @@ def setting_2(conn, num):
             ))
     elif num == 5:
         if flask.request.method == 'POST':
-            curs.execute("select name from other where name = 'robot'")
+            curs.execute(db_change("select name from other where name = 'robot'"))
             if curs.fetchall():
-                curs.execute("update other set data = ? where name = 'robot'", [flask.request.form.get('content', '')])
+                curs.execute(db_change("update other set data = ? where name = 'robot'"), [flask.request.form.get('content', '')])
             else:
-                curs.execute("insert into other (name, data) values ('robot', ?)", [flask.request.form.get('content', '')])
+                curs.execute(db_change("insert into other (name, data) values ('robot', ?)"), [flask.request.form.get('content', '')])
             
             conn.commit()
             
@@ -397,7 +397,7 @@ def setting_2(conn, num):
             return redirect('/setting/4')
         else:
             if not os.path.exists('robots.txt'):
-                curs.execute('select data from other where name = "robot"')
+                curs.execute(db_change('select data from other where name = "robot"'))
                 robot_test = curs.fetchall()
                 if robot_test:
                     fw_test = open('./robots.txt', 'w')
@@ -408,9 +408,9 @@ def setting_2(conn, num):
                     fw_test.write('User-agent: *\nDisallow: /\nAllow: /$\nAllow: /w/')
                     fw_test.close()
 
-                    curs.execute('insert into other (name, data) values ("robot", "User-agent: *\nDisallow: /\nAllow: /$\nAllow: /w/")')
+                    curs.execute(db_change('insert into other (name, data) values ("robot", "User-agent: *\nDisallow: /\nAllow: /$\nAllow: /w/")'))
 
-            curs.execute("select data from other where name = 'robot'")
+            curs.execute(db_change("select data from other where name = 'robot'"))
             robot = curs.fetchall()
             if robot:
                 data = robot[0][0]
@@ -452,7 +452,7 @@ def setting_2(conn, num):
                 else:
                     into_data = flask.request.form.get(data, '')
 
-                curs.execute("update other set data = ? where name = ?", [into_data, data])
+                curs.execute(db_change("update other set data = ? where name = ?"), [into_data, data])
 
             conn.commit()
             
@@ -465,12 +465,12 @@ def setting_2(conn, num):
             x = 0
             
             for i in i_list:
-                curs.execute('select data from other where name = ?', [i])
+                curs.execute(db_change('select data from other where name = ?'), [i])
                 sql_d = curs.fetchall()
                 if sql_d:
                     d_list += [sql_d[0][0]]
                 else:
-                    curs.execute('insert into other (name, data) values (?, ?)', [i, ''])
+                    curs.execute(db_change('insert into other (name, data) values (?, ?)'), [i, ''])
                     
                     d_list += ['']
 

route/setting_adsense.py

@@ -18,21 +18,21 @@ def setting_adsense_2(conn):
             ))
         
         if adsense_enabled == 'on':
-            curs.execute('update other set data = "True" where name = "adsense"')
+            curs.execute(db_change('update other set data = "True" where name = "adsense"'))
         else:
-            curs.execute('update other set data = "False" where name = "adsense"')
+            curs.execute(db_change('update other set data = "False" where name = "adsense"'))
         
-        curs.execute('update other set data = ? where name = "adsense_code"', [adsense_code])
+        curs.execute(db_change('update other set data = ? where name = "adsense_code"'), [adsense_code])
         conn.commit()
         
         return redirect('/adsense_setting')
 
     body_content = ''
 
-    curs.execute('select data from other where name = "adsense"')
+    curs.execute(db_change('select data from other where name = "adsense"'))
     adsense_enabled = curs.fetchall()[0][0]
 
-    curs.execute('select data from other where name = "adsense_code"')
+    curs.execute(db_change('select data from other where name = "adsense_code"'))
     adsense_code = curs.fetchall()[0][0]
 
     template = '''

route/tool/func.py

@@ -32,7 +32,6 @@ for i in range(0, 2):
         if sys.version_info < (3, 6):
             import sha3
 
-        from .set_mark.tool import *
         from .mark import *
     except ImportError as e:
         if i == 0:
@@ -76,7 +75,7 @@ def send_email(who, title, data):
     smtp = smtplib.SMTP_SSL('smtp.gmail.com', 465)
 
     try:
-        curs.execute('select name, data from other where name = "g_email" or name = "g_pass"')
+        curs.execute(db_change('select name, data from other where name = "g_email" or name = "g_pass"'))
         rep_data = curs.fetchall()
         if rep_data:
             g_email = ''
@@ -150,10 +149,10 @@ def captcha_get():
     data = ''
 
     if ip_or_user() != 0:
-        curs.execute('select data from other where name = "recaptcha"')
+        curs.execute(db_change('select data from other where name = "recaptcha"'))
         recaptcha = curs.fetchall()
         if recaptcha and recaptcha[0][0] != '':
-            curs.execute('select data from other where name = "sec_re"')
+            curs.execute(db_change('select data from other where name = "sec_re"'))
             sec_re = curs.fetchall()
             if sec_re and sec_re[0][0] != '':
                 data += recaptcha[0][0] + '<hr class=\"main_hr\">'
@@ -163,10 +162,10 @@ def captcha_get():
 def update():
     #v3.1.2
     try:
-        curs.execute('select title, dec from acl where dec != ""')
+        curs.execute(db_change('select title, dec from acl where dec != ""'))
         db_data = curs.fetchall()
         for i in db_data:
-            curs.execute("update acl set decu = ? where title = ?", [i[1], i[0]])
+            curs.execute(db_change("update acl set decu = ? where title = ?"), [i[1], i[0]])
 
         print('Fix table acl column dec to decu')
         print('----')
@@ -177,7 +176,7 @@ def update():
 
 def pw_encode(data, data2 = '', type_d = ''):
     if type_d == '':
-        curs.execute('select data from other where name = "encode"')
+        curs.execute(db_change('select data from other where name = "encode"'))
         set_data = curs.fetchall()
 
         type_d = set_data[0][0]
@@ -198,7 +197,7 @@ def pw_encode(data, data2 = '', type_d = ''):
         return bcrypt.hashpw(bytes(data, 'utf-8'), salt_data).decode()
 
 def pw_check(data, data2, type_d = 'no', id_d = ''):
-    curs.execute('select data from other where name = "encode"')
+    curs.execute(db_change('select data from other where name = "encode"'))
     db_data = curs.fetchall()
 
     if type_d != 'no':
@@ -230,14 +229,14 @@ def pw_check(data, data2, type_d = 'no', id_d = ''):
                 set_data = db_data[0][0]
 
     if db_data[0][0] != set_data and re_data == 1 and id_d != '':
-        curs.execute("update user set pw = ?, encode = ? where id = ?", [pw_encode(data), db_data[0][0], id_d])
+        curs.execute(db_change("update user set pw = ?, encode = ? where id = ?"), [pw_encode(data), db_data[0][0], id_d])
 
     return re_data
 
 def captcha_post(re_data, num = 1):
     if num == 1:
         if ip_or_user() != 0 and captcha_get() != '':
-            curs.execute('select data from other where name = "sec_re"')
+            curs.execute(db_change('select data from other where name = "sec_re"'))
             sec_re = curs.fetchall()
             if sec_re and sec_re[0][0] != '':
                 try:
@@ -262,7 +261,7 @@ def captcha_post(re_data, num = 1):
 
 def load_lang(data, num = 2, safe = 0):
     if num == 1:
-        curs.execute("select data from other where name = 'language'")
+        curs.execute(db_change("select data from other where name = 'language'"))
         rep_data = curs.fetchall()
 
         json_data = open(os.path.join('language', rep_data[0][0] + '.json'), 'rt', encoding='utf-8').read()
@@ -276,7 +275,7 @@ def load_lang(data, num = 2, safe = 0):
         else:
             return html.escape(data + ' (M)')
     else:
-        curs.execute('select data from user_set where name = "lang" and id = ?', [ip_check()])
+        curs.execute(db_change('select data from user_set where name = "lang" and id = ?'), [ip_check()])
         rep_data = curs.fetchall()
         if rep_data:
             try:
@@ -321,7 +320,7 @@ def ip_or_user(data = ''):
 def edit_button():
     insert_list = []
     
-    curs.execute("select html, plus from html_filter where kind = 'edit_top'")
+    curs.execute(db_change("select html, plus from html_filter where kind = 'edit_top'"))
     db_data = curs.fetchall()
     for get_data in db_data:
         insert_list += [[get_data[1], get_data[0]]]
@@ -337,7 +336,7 @@ def edit_button():
 
 def ip_warring():
     if ip_or_user() != 0:
-        curs.execute('select data from other where name = "no_login_warring"')
+        curs.execute(db_change('select data from other where name = "no_login_warring"'))
         data = curs.fetchall()
         if data and data[0][0] != '':
             text_data = '<span>' + data[0][0] + '</span><hr class=\"main_hr\">'
@@ -351,13 +350,13 @@ def ip_warring():
 def skin_check(set_n = 0):
     skin = 'marisa'
 
-    curs.execute('select data from other where name = "skin"')
+    curs.execute(db_change('select data from other where name = "skin"'))
     skin_exist = curs.fetchall()
     if skin_exist and skin_exist[0][0] != '':
         if os.path.exists(os.path.abspath('./views/' + skin_exist[0][0] + '/index.html')) == 1:
             skin = skin_exist[0][0]
     
-    curs.execute('select data from user_set where name = "skin" and id = ?', [ip_check()])
+    curs.execute(db_change('select data from user_set where name = "skin" and id = ?'), [ip_check()])
     skin_exist = curs.fetchall()
     if skin_exist and skin_exist[0][0] != '':
         if os.path.exists(os.path.abspath('./views/' + skin_exist[0][0] + '/index.html')) == 1:
@@ -437,14 +436,14 @@ def wiki_set(num = 1):
     if num == 1:
         data_list = []
 
-        curs.execute('select data from other where name = ?', ['name'])
+        curs.execute(db_change('select data from other where name = ?'), ['name'])
         db_data = curs.fetchall()
         if db_data and db_data[0][0] != '':
             data_list += [db_data[0][0]]
         else:
             data_list += ['Wiki']
 
-        curs.execute('select data from other where name = "license"')
+        curs.execute(db_change('select data from other where name = "license"'))
         db_data = curs.fetchall()
         if db_data and db_data[0][0] != '':
             data_list += [db_data[0][0]]
@@ -453,14 +452,14 @@ def wiki_set(num = 1):
 
         data_list += ['', '']
 
-        curs.execute('select data from other where name = "logo"')
+        curs.execute(db_change('select data from other where name = "logo"'))
         db_data = curs.fetchall()
         if db_data and db_data[0][0] != '':
             data_list += [db_data[0][0]]
         else:
             data_list += [data_list[0]]
             
-        curs.execute("select data from other where name = 'head' and coverage = ?", [skin_check(1)])
+        curs.execute(db_change("select data from other where name = 'head' and coverage = ?"), [skin_check(1)])
         db_data = curs.fetchall()
         if db_data and db_data[0][0] != '':
             if len(re.findall('<', db_data[0][0])) % 2 != 1:
@@ -468,7 +467,7 @@ def wiki_set(num = 1):
             else:
                 data_list += ['']
         else:
-            curs.execute("select data from other where name = 'head' and coverage = ''")
+            curs.execute(db_change("select data from other where name = 'head' and coverage = ''"))
             db_data = curs.fetchall()
             if db_data and db_data[0][0] != '':
                 if len(re.findall('<', db_data[0][0])) % 2 != 1:
@@ -483,11 +482,11 @@ def wiki_set(num = 1):
     if num == 2:
         var_data = 'FrontPage'
 
-        curs.execute('select data from other where name = "frontpage"')
+        curs.execute(db_change('select data from other where name = "frontpage"'))
     elif num == 3:
         var_data = '2'
 
-        curs.execute('select data from other where name = "upload"')
+        curs.execute(db_change('select data from other where name = "upload"'))
     
     db_data = curs.fetchall()
     if db_data and db_data[0][0] != '':
@@ -550,7 +549,7 @@ def admin_check(num = None, what = None, name = ''):
     else:
         ip = name
 
-    curs.execute("select acl from user where id = ?", [ip])
+    curs.execute(db_change("select acl from user where id = ?"), [ip])
     user = curs.fetchall()
     if user:
         reset = 0
@@ -574,10 +573,10 @@ def admin_check(num = None, what = None, name = ''):
             else:
                 check = 'owner'
 
-            curs.execute('select name from alist where name = ? and acl = ?', [user[0][0], check])
+            curs.execute(db_change('select name from alist where name = ? and acl = ?'), [user[0][0], check])
             if curs.fetchall():
                 if what:
-                    curs.execute("insert into re_admin (who, what, time) values (?, ?, ?)", [ip, what, get_time()])
+                    curs.execute(db_change("insert into re_admin (who, what, time) values (?, ?, ?)"), [ip, what, get_time()])
                     conn.commit()
 
                 return 1
@@ -600,7 +599,7 @@ def ip_pas(raw_ip):
     hide = 0
 
     if ip_or_user(raw_ip) != 0:    
-        curs.execute("select data from other where name = 'ip_view'")
+        curs.execute(db_change("select data from other where name = 'ip_view'"))
         data = curs.fetchall()
         if data and data[0][0] != '':
             ip = re.sub('((?:(?!\.).)+)$', 'xxx', raw_ip)
@@ -610,7 +609,7 @@ def ip_pas(raw_ip):
         else:
             ip = raw_ip
     else:
-        curs.execute("select title from data where title = ?", ['user:' + raw_ip])
+        curs.execute(db_change("select title from data where title = ?"), ['user:' + raw_ip])
         if curs.fetchall():
             ip = '<a href="/w/' + url_pas('user:' + raw_ip) + '">' + raw_ip + '</a>'
         else:
@@ -643,7 +642,7 @@ def custom():
         user_icon = 0
 
     if user_icon != 0:
-        curs.execute('select data from user_set where name = "email" and id = ?', [ip])
+        curs.execute(db_change('select data from user_set where name = "email" and id = ?'), [ip])
         data = curs.fetchall()
         if data:
             email = data[0][0]
@@ -660,11 +659,11 @@ def custom():
     if admin_check('all') == 1:
         user_admin = '1'
 
-        curs.execute("select acl from user where id = ?", [ip])
+        curs.execute(db_change("select acl from user where id = ?"), [ip])
         user_acl = curs.fetchall()
 
         user_acl_list = []
-        curs.execute('select acl from alist where name = ?', [user_acl[0][0]])
+        curs.execute(db_change('select acl from alist where name = ?'), [user_acl[0][0]])
         user_acl = curs.fetchall()
         for i in user_acl:
             user_acl_list += [i[0]]
@@ -683,7 +682,7 @@ def custom():
         user_ban = '0'
 
     if user_icon == 1:
-        curs.execute("select count(name) from alarm where name = ?", [ip])
+        curs.execute(db_change("select count(name) from alarm where name = ?"), [ip])
         count = curs.fetchall()
         if count:
             user_notice = str(count[0][0])
@@ -702,11 +701,11 @@ def load_skin(data = '', set_n = 0):
     if data == '':
         ip = ip_check()
 
-        curs.execute('select data from user_set where name = "skin" and id = ?', [ip])
+        curs.execute(db_change('select data from user_set where name = "skin" and id = ?'), [ip])
         data = curs.fetchall()
 
         if not data:
-            curs.execute('select data from other where name = "skin"')
+            curs.execute(db_change('select data from other where name = "skin"'))
             data = curs.fetchall()
             if not data:
                 data = [['marisa']]
@@ -759,7 +758,7 @@ def acl_check(name = 'test', tool = '', sub = 'test'):
             if admin_check(5) == 1:
                 return 0
 
-            curs.execute("select decu from acl where title = ?", ['user:' + acl_n[0]])
+            curs.execute(db_change("select decu from acl where title = ?"), ['user:' + acl_n[0]])
             acl_data = curs.fetchall()
             if acl_data:
                 if acl_data[0][0] == 'all':
@@ -789,27 +788,27 @@ def acl_check(name = 'test', tool = '', sub = 'test'):
     for i in range(0, end):
         if tool == '':
             if i == 0:
-                curs.execute("select decu from acl where title = ?", [name])
+                curs.execute(db_change("select decu from acl where title = ?"), [name])
                 acl_data = curs.fetchall()
             elif i == 1:
-                curs.execute('select data from other where name = "edit"')
+                curs.execute(db_change('select data from other where name = "edit"'))
                 acl_data = curs.fetchall()
             else:
-                curs.execute("select view from acl where title = ?", [name])
+                curs.execute(db_change("select view from acl where title = ?"), [name])
                 acl_data = curs.fetchall()
 
             num = 5
         elif tool == 'topic':
             if i == 0:
-                curs.execute("select dis from acl where title = ?", [name])
+                curs.execute(db_change("select dis from acl where title = ?"), [name])
                 acl_data = curs.fetchall()
             else:
-                curs.execute('select data from other where name = "discussion"')
+                curs.execute(db_change('select data from other where name = "discussion"'))
                 acl_data = curs.fetchall()
 
             num = 3
         else:
-            curs.execute("select view from acl where title = ?", [name])
+            curs.execute(db_change("select view from acl where title = ?"), [name])
             acl_data = curs.fetchall()
 
             num = 5
@@ -831,7 +830,7 @@ def acl_check(name = 'test', tool = '', sub = 'test'):
                     return 1
                 
                 if admin_check(num) != 1:
-                    curs.execute("select count(title) from history where ip = ?", [ip])
+                    curs.execute(db_change("select count(title) from history where ip = ?"), [ip])
                     count = curs.fetchall()
                     if count:
                         count = count[0][0]
@@ -846,7 +845,7 @@ def acl_check(name = 'test', tool = '', sub = 'test'):
                     return 1
                 
                 if admin_check(num) != 1:
-                    curs.execute("select data from user_set where id = ? and name = 'email'", [ip])
+                    curs.execute(db_change("select data from user_set where id = ? and name = 'email'"), [ip])
                     email = curs.fetchall()
                     if not email:
                         return 1
@@ -856,7 +855,7 @@ def acl_check(name = 'test', tool = '', sub = 'test'):
                     return 1
 
         if tool == 'topic':
-            curs.execute("select title from rd where title = ? and sub = ? and not stop = ''", [name, sub])
+            curs.execute(db_change("select title from rd where title = ? and sub = ? and not stop = ''"), [name, sub])
             if curs.fetchall():
                 if admin_check(3, 'topic (' + name + ')') != 1:
                     return 1
@@ -873,10 +872,10 @@ def ban_check(ip = None, tool = None):
     else:
         band_it = '-'
 
-    curs.execute("delete from ban where (end < ? and end like '2%')", [get_time()])
+    curs.execute(db_change("delete from ban where (end < ? and end like '2%')"), [get_time()])
     conn.commit()
 
-    curs.execute("select login, block from ban where ((end > ? and end like '2%') or end = '') and band = 'regex'", [get_time()])
+    curs.execute(db_change("select login, block from ban where ((end > ? and end like '2%') or end = '') and band = 'regex'"), [get_time()])
     regex_d = curs.fetchall()
     for test_r in regex_d:
         g_regex = re.compile(test_r[1])
@@ -887,7 +886,7 @@ def ban_check(ip = None, tool = None):
             else:
                 return 1
     
-    curs.execute("select login from ban where ((end > ? and end like '2%') or end = '') and block = ? and band = 'O'", [get_time(), band_it])
+    curs.execute(db_change("select login from ban where ((end > ? and end like '2%') or end = '') and block = ? and band = 'O'"), [get_time(), band_it])
     band_d = curs.fetchall()
     if band_d:
         if tool and tool == 'login':
@@ -896,7 +895,7 @@ def ban_check(ip = None, tool = None):
         else:
             return 1
 
-    curs.execute("select login from ban where ((end > ? and end like '2%') or end = '') and block = ? and band = ''", [get_time(), ip])
+    curs.execute(db_change("select login from ban where ((end > ? and end like '2%') or end = '') and block = ? and band = ''"), [get_time(), ip])
     ban_d = curs.fetchall()
     if ban_d:
         if tool and tool == 'login':
@@ -921,11 +920,11 @@ def ban_insert(name, end, why, login, blocker, type_d = None):
         else:
             band = ''
 
-    curs.execute("delete from ban where (end < ? and end like '2%')", [get_time()])
+    curs.execute(db_change("delete from ban where (end < ? and end like '2%')"), [get_time()])
 
-    curs.execute("select block from ban where ((end > ? and end like '2%') or end = '') and block = ? and band = ?", [get_time(), name, band])
+    curs.execute(db_change("select block from ban where ((end > ? and end like '2%') or end = '') and block = ? and band = ?"), [get_time(), name, band])
     if curs.fetchall():
-        curs.execute("insert into rb (block, end, today, blocker, why, band) values (?, ?, ?, ?, ?, ?)", [
+        curs.execute(db_change("insert into rb (block, end, today, blocker, why, band) values (?, ?, ?, ?, ?, ?)"), [
             name, 
             'release',
             now_time, 
@@ -933,7 +932,7 @@ def ban_insert(name, end, why, login, blocker, type_d = None):
             '', 
             band
         ])
-        curs.execute("delete from ban where block = ? and band = ?", [name, band])
+        curs.execute(db_change("delete from ban where block = ? and band = ?"), [name, band])
     else:
         if login != '':
             login = 'O'
@@ -949,22 +948,22 @@ def ban_insert(name, end, why, login, blocker, type_d = None):
         else:
             r_time = ''
 
-        curs.execute("insert into rb (block, end, today, blocker, why, band) values (?, ?, ?, ?, ?, ?)", [name, r_time, now_time, blocker, why, band])
-        curs.execute("insert into ban (block, end, why, band, login) values (?, ?, ?, ?, ?)", [name, r_time, why, band, login])
+        curs.execute(db_change("insert into rb (block, end, today, blocker, why, band) values (?, ?, ?, ?, ?, ?)"), [name, r_time, now_time, blocker, why, band])
+        curs.execute(db_change("insert into ban (block, end, why, band, login) values (?, ?, ?, ?, ?)"), [name, r_time, why, band, login])
     
     conn.commit()
 
 def rd_plus(title, sub, date):
-    curs.execute("select title from rd where title = ? and sub = ?", [title, sub])
+    curs.execute(db_change("select title from rd where title = ? and sub = ?"), [title, sub])
     if curs.fetchall():
-        curs.execute("update rd set date = ? where title = ? and sub = ?", [date, title, sub])
+        curs.execute(db_change("update rd set date = ? where title = ? and sub = ?"), [date, title, sub])
     else:
-        curs.execute("insert into rd (title, sub, date) values (?, ?, ?)", [title, sub, date])
+        curs.execute(db_change("insert into rd (title, sub, date) values (?, ?, ?)"), [title, sub, date])
 
     conn.commit()
 
 def history_plus(title, data, date, ip, send, leng, t_check = ''):
-    curs.execute("select id from history where title = ? order by id + 0 desc limit 1", [title])
+    curs.execute(db_change("select id from history where title = ? order by id + 0 desc limit 1"), [title])
     id_data = curs.fetchall()
 
     send = re.sub('\(|\)|<|>', '', send)
@@ -975,7 +974,7 @@ def history_plus(title, data, date, ip, send, leng, t_check = ''):
     if t_check != '':
         send += ' (' + t_check + ')'
 
-    curs.execute("insert into history (id, title, data, date, ip, send, leng, hide) values (?, ?, ?, ?, ?, ?, ?, '')", [
+    curs.execute(db_change("insert into history (id, title, data, date, ip, send, leng, hide) values (?, ?, ?, ?, ?, ?, ?, '')"), [
         str(int(id_data[0][0]) + 1) if id_data else '1',
         title,
         data,
@@ -1004,7 +1003,7 @@ def number_check(data):
 
 def edit_filter_do(data):
     if admin_check(1) != 1:
-        curs.execute("select regex, sub from filter where regex != ''")
+        curs.execute(db_change("select regex, sub from filter where regex != ''"))
         for data_list in curs.fetchall():
             match = re.compile(data_list[0], re.I)
             if match.search(data):
@@ -1041,10 +1040,10 @@ def re_error(data):
             else:
                 band_it = '-'
 
-            curs.execute("delete from ban where (end < ? and end like '2%')", [get_time()])
+            curs.execute(db_change("delete from ban where (end < ? and end like '2%')"), [get_time()])
             conn.commit()
 
-            curs.execute("select login, block, end from ban where ((end > ? and end like '2%') or end = '') and band = 'regex'", [get_time()])
+            curs.execute(db_change("select login, block, end from ban where ((end > ? and end like '2%') or end = '') and band = 'regex'"), [get_time()])
             regex_d = curs.fetchall()
             for test_r in regex_d:
                 g_regex = re.compile(test_r[1])
@@ -1056,7 +1055,7 @@ def re_error(data):
 
                     end += '<hr class=\"main_hr\">'
             
-            curs.execute("select login, end from ban where ((end > ? and end like '2%') or end = '') and block = ?", [get_time(), band_it])
+            curs.execute(db_change("select login, end from ban where ((end > ? and end like '2%') or end = '') and block = ?"), [get_time(), band_it])
             band_d = curs.fetchall()
             if band_d:
                 end += '<li>' + load_lang('type') + ' : band ban</li>'
@@ -1066,7 +1065,7 @@ def re_error(data):
 
                 end += '<hr class=\"main_hr\">'
 
-            curs.execute("select login, end from ban where ((end > ? and end like '2%') or end = '') and block = ?", [get_time(), ip])
+            curs.execute(db_change("select login, end from ban where ((end > ? and end like '2%') or end = '') and block = ?"), [get_time(), ip])
             ban_d = curs.fetchall()
             if ban_d:
                 end += '<li>' + load_lang('type') + ' : ban</li>'

route/tool/mark.py

@@ -1,6 +1,8 @@
 from .set_mark.namu import namu
 from .set_mark.markdown import markdown
 
+from .set_mark.tool import *
+
 import re
 import html
 import sqlite3
@@ -36,12 +38,12 @@ def send_parser(data):
     
 def plusing(data):
     for data_in in data:
-        curs.execute("select title from back where title = ? and link = ? and type = ?", [data_in[1], data_in[0], data_in[2]])
+        curs.execute(db_change("select title from back where title = ? and link = ? and type = ?"), [data_in[1], data_in[0], data_in[2]])
         if not curs.fetchall():
-            curs.execute("insert into back (title, link, type) values (?, ?, ?)", [data_in[1], data_in[0], data_in[2]])
+            curs.execute(db_change("insert into back (title, link, type) values (?, ?, ?)"), [data_in[1], data_in[0], data_in[2]])
 
 def namumark(title, data, num, include):
-    curs.execute('select data from other where name = "markup"')
+    curs.execute(db_change('select data from other where name = "markup"'))
     rep_data = curs.fetchall()
     if rep_data[0][0] == 'namumark':
         data = namu(conn, data, title, num, include)

route/tool/set_mark/namu.py

@@ -431,7 +431,7 @@ def namu(conn, data, title, main_num, include_num):
 
             backlink += [[title, include_link, 'include']]
 
-            curs.execute("select title from data where title = ?", [include_data])
+            curs.execute(tool.db_change("select title from data where title = ?"), [include_data])
             if curs.fetchall():
                 data = include_re.sub('<div id="include_' + str(i) + '"></div>', data, 1)
 
@@ -616,7 +616,7 @@ def namu(conn, data, title, main_num, include_num):
 
     pagecount_re = re.compile('\[pagecount\]', re.I)
 
-    curs.execute('select data from other where name = "count_all_title"')
+    curs.execute(tool.db_change('select data from other where name = "count_all_title"'))
     all_title = curs.fetchall()
 
     data = pagecount_re.sub(all_title[0][0], data)
@@ -840,7 +840,7 @@ def namu(conn, data, title, main_num, include_num):
                     file_src = '/image/' + tool.sha224(file_name) + '.' + file_end
                     file_alt = 'file:' + file_name + '.' + file_end
 
-                    curs.execute("select title from data where title = ?", [file_alt])
+                    curs.execute(tool.db_change("select title from data where title = ?"), [file_alt])
                     exist = curs.fetchall()
                 
                 if exist:
@@ -877,7 +877,7 @@ def namu(conn, data, title, main_num, include_num):
                 inter_data = re.search('^inter:((?:(?!:).)+):((?:(?!\]\]|\|).)+)', main_link)
                 inter_data = inter_data.groups()
 
-                curs.execute('select link, icon from inter where title = ?', [inter_data[0]])
+                curs.execute(tool.db_change('select link, icon from inter where title = ?'), [inter_data[0]])
                 inter = curs.fetchall()
                 if inter:
                     if inter[0][1] != '':
@@ -926,7 +926,7 @@ def namu(conn, data, title, main_num, include_num):
                 if not re.search('^\|', main_link):
                     if main_link != title:
                         if main_link != '':
-                            curs.execute("select title from data where title = ?", [main_link])
+                            curs.execute(tool.db_change("select title from data where title = ?"), [main_link])
                             if not curs.fetchall():
                                 link_id = 'id="not_thing"'
 

route/tool/set_mark/tool.py

@@ -6,6 +6,12 @@ import hashlib
 
 def get_time():
     return str(datetime.datetime.today().strftime("%Y-%m-%d %H:%M:%S"))
+
+def db_change(data):
+    # data = data.replace('%', '%%')
+    # data = data.replace('?', '%s')
+
+    return data
     
 def ip_check(d_type = 0):
     if d_type == 0:

route/topic.py

@@ -6,7 +6,7 @@ def topic_2(conn, name, sub):
     ban = topic_check(name, sub)
     admin = admin_check(3)
 
-    curs.execute("select id from topic where title = ? and sub = ? limit 1", [name, sub])
+    curs.execute(db_change("select id from topic where title = ? and sub = ? limit 1"), [name, sub])
     topic_exist = curs.fetchall()
     if not topic_exist and len(sub) > 256:
         return re_error('/error/11')
@@ -23,7 +23,7 @@ def topic_2(conn, name, sub):
         if ban == 1:
             return re_error('/ban')
         
-        curs.execute("select id from topic where title = ? and sub = ? order by id + 0 desc limit 1", [name, sub])
+        curs.execute(db_change("select id from topic where title = ? and sub = ? order by id + 0 desc limit 1"), [name, sub])
         old_num = curs.fetchall()
         if old_num:
             num = int(old_num[0][0]) + 1
@@ -34,23 +34,23 @@ def topic_2(conn, name, sub):
         if match:
             y_check = 0
             if ip_or_user(match.groups()[0]) == 1:
-                curs.execute("select ip from history where ip = ? limit 1", [match.groups()[0]])
+                curs.execute(db_change("select ip from history where ip = ? limit 1"), [match.groups()[0]])
                 u_data = curs.fetchall()
                 if u_data:
                     y_check = 1
                 else:
-                    curs.execute("select ip from topic where ip = ? limit 1", [match.groups()[0]])
+                    curs.execute(db_change("select ip from topic where ip = ? limit 1"), [match.groups()[0]])
                     u_data = curs.fetchall()
                     if u_data:
                         y_check = 1
             else:
-                curs.execute("select id from user where id = ?", [match.groups()[0]])
+                curs.execute(db_change("select id from user where id = ?"), [match.groups()[0]])
                 u_data = curs.fetchall()
                 if u_data:
                     y_check = 1
 
             if y_check == 1:
-                curs.execute('insert into alarm (name, data, date) values (?, ?, ?)', [
+                curs.execute(db_change('insert into alarm (name, data, date) values (?, ?, ?)'), [
                     match.groups()[0], 
                     ip + ' - <a href="/topic/' + url_pas(name) + '/sub/' + url_pas(sub) + '">' + load_lang('user_discussion', 1) + '</a>', 
                     today
@@ -60,10 +60,10 @@ def topic_2(conn, name, sub):
         data = cate_re.sub('[br]', flask.request.form.get('content', 'Test'))
         
         for rd_data in re.findall("(?:#([0-9]+))", data):
-            curs.execute("select ip from topic where title = ? and sub = ? and id = ?", [name, sub, rd_data])
+            curs.execute(db_change("select ip from topic where title = ? and sub = ? and id = ?"), [name, sub, rd_data])
             ip_data = curs.fetchall()
             if ip_data and ip_or_user(ip_data[0][0]) == 0:
-                curs.execute('insert into alarm (name, data, date) values (?, ?, ?)', [ip_data[0][0], ip + ' - <a href="/topic/' + url_pas(name) + '/sub/' + url_pas(sub) + '#' + str(num) + '">' + load_lang('discussion', 1) + '</a>', today])
+                curs.execute(db_change('insert into alarm (name, data, date) values (?, ?, ?)'), [ip_data[0][0], ip + ' - <a href="/topic/' + url_pas(name) + '/sub/' + url_pas(sub) + '#' + str(num) + '">' + load_lang('discussion', 1) + '</a>', today])
             
         data = re.sub("(?P<in>#(?:[0-9]+))", '[[\g<in>]]', data)
 
@@ -71,14 +71,14 @@ def topic_2(conn, name, sub):
 
         rd_plus(name, sub, today)
 
-        curs.execute("insert into topic (id, title, sub, data, date, ip, block, top) values (?, ?, ?, ?, ?, ?, '', '')", [str(num), name, sub, data, today, ip])
+        curs.execute(db_change("insert into topic (id, title, sub, data, date, ip, block, top) values (?, ?, ?, ?, ?, ?, '', '')"), [str(num), name, sub, data, today, ip])
         conn.commit()
         
         return redirect('/topic/' + url_pas(name) + '/sub/' + url_pas(sub) + '#reload')
     else:
         data = ''
     
-        curs.execute("select stop from rd where title = ? and sub = ? and stop != ''", [name, sub])
+        curs.execute(db_change("select stop from rd where title = ? and sub = ? and stop != ''"), [name, sub])
         close_data = curs.fetchall()
         if (close_data and admin != 1) or topic_check(name, sub) == 1:
             display = 'display: none;'

route/topic_admin.py

@@ -3,7 +3,7 @@ from .tool.func import *
 def topic_admin_2(conn, name, sub, num):
     curs = conn.cursor()
 
-    curs.execute("select block, ip, date from topic where title = ? and sub = ? and id = ?", [name, sub, str(num)])
+    curs.execute(db_change("select block, ip, date from topic where title = ? and sub = ? and id = ?"), [name, sub, str(num)])
     data = curs.fetchall()
     if not data:
         return redirect('/topic/' + url_pas(name) + '/sub/' + url_pas(sub))
@@ -24,10 +24,10 @@ def topic_admin_2(conn, name, sub, num):
     '''
 
     if admin_check(3) == 1:
-        curs.execute("select id from topic where title = ? and sub = ? and id = ? and top = 'O'", [name, sub, str(num)])
+        curs.execute(db_change("select id from topic where title = ? and sub = ? and id = ? and top = 'O'"), [name, sub, str(num)])
         top_topic_d = curs.fetchall()
 
-        curs.execute("select end from ban where block = ?", [data[0][1]])
+        curs.execute(db_change("select end from ban where block = ?"), [data[0][1]])
         user_ban_d = curs.fetchall()
         
         ban += '''

route/topic_block.py

@@ -6,13 +6,13 @@ def topic_block_2(conn, name, sub, num):
     if admin_check(3, 'blind (' + name + ' - ' + sub + '#' + str(num) + ')') != 1:
         return re_error('/error/3')
 
-    curs.execute("select block from topic where title = ? and sub = ? and id = ?", [name, sub, str(num)])
+    curs.execute(db_change("select block from topic where title = ? and sub = ? and id = ?"), [name, sub, str(num)])
     block = curs.fetchall()
     if block:
         if block[0][0] == 'O':
-            curs.execute("update topic set block = '' where title = ? and sub = ? and id = ?", [name, sub, str(num)])
+            curs.execute(db_change("update topic set block = '' where title = ? and sub = ? and id = ?"), [name, sub, str(num)])
         else:
-            curs.execute("update topic set block = 'O' where title = ? and sub = ? and id = ?", [name, sub, str(num)])
+            curs.execute(db_change("update topic set block = 'O' where title = ? and sub = ? and id = ?"), [name, sub, str(num)])
         
         rd_plus(name, sub, get_time())
         

route/topic_close_list.py

@@ -9,7 +9,7 @@ def topic_close_list_2(conn, name, tool):
         t_num = ''
         
         while 1:
-            curs.execute("select title from topic where title = ? and sub = ? limit 1", [name, flask.request.form.get('topic', None) + t_num])
+            curs.execute(db_change("select title from topic where title = ? and sub = ? limit 1"), [name, flask.request.form.get('topic', None) + t_num])
             if curs.fetchall():
                 if t_num == '':
                     t_num = ' 2'
@@ -24,15 +24,15 @@ def topic_close_list_2(conn, name, tool):
         menu = [['topic/' + url_pas(name), load_lang('return')]]
         
         if tool == 'close':
-            curs.execute("select sub from rd where title = ? and stop = 'O' order by sub asc", [name])
+            curs.execute(db_change("select sub from rd where title = ? and stop = 'O' order by sub asc"), [name])
             
             sub = load_lang('closed_discussion')
         elif tool == 'agree':
-            curs.execute("select sub from rd where title = ? and agree = 'O' order by sub asc", [name])
+            curs.execute(db_change("select sub from rd where title = ? and agree = 'O' order by sub asc"), [name])
             
             sub = load_lang('agreed_discussion')
         else:
-            curs.execute("select sub from rd where title = ? order by date desc", [name])
+            curs.execute(db_change("select sub from rd where title = ? order by date desc"), [name])
             
             sub = load_lang('discussion_list')
             
@@ -50,17 +50,17 @@ def topic_close_list_2(conn, name, tool):
         for data in curs.fetchall():
             t_num += 1
             
-            curs.execute("select data, date, ip, block from topic where title = ? and sub = ? and id = '1'", [name, data[0]])
+            curs.execute(db_change("select data, date, ip, block from topic where title = ? and sub = ? and id = '1'"), [name, data[0]])
             if curs.fetchall():                
                 it_p = 0
                 
                 if sub == load_lang('discussion_list'):
-                    curs.execute("select title from rd where title = ? and sub = ? and stop = 'O' order by sub asc", [name, data[0]])
+                    curs.execute(db_change("select title from rd where title = ? and sub = ? and stop = 'O' order by sub asc"), [name, data[0]])
                     if curs.fetchall():
                         it_p = 1
                 
                 if it_p != 1:
-                    curs.execute("select id from topic where title = ? and sub = ? order by date desc limit 1", [name, data[0]])
+                    curs.execute(db_change("select id from topic where title = ? and sub = ? order by date desc limit 1"), [name, data[0]])
                     t_data = curs.fetchall()
                 
                     div += '''

route/topic_stop.py

@@ -10,14 +10,14 @@ def topic_stop_2(conn, name, sub):
     time = get_time()
 
     if flask.request.method == 'POST':
-        curs.execute("select id from topic where title = ? and sub = ? order by id + 0 desc limit 1", [name, sub])
+        curs.execute(db_change("select id from topic where title = ? and sub = ? order by id + 0 desc limit 1"), [name, sub])
         topic_check = curs.fetchall()
         if topic_check:
             stop_d = flask.request.form.get('stop_d', '')
             why_d = flask.request.form.get('why', '')
             agree_d = flask.request.form.get('agree', '')
 
-            curs.execute("update rd set stop = ?, agree = ? where title = ? and sub = ?", [
+            curs.execute(db_change("update rd set stop = ?, agree = ? where title = ? and sub = ?"), [
                 stop_d,
                 agree_d,
                 name, 
@@ -31,7 +31,7 @@ def topic_stop_2(conn, name, sub):
             else:
                 t_state = 'Normal'
 
-            curs.execute("insert into topic (id, title, sub, data, date, ip, block, top) values (?, ?, ?, ?, ?, ?, '', '1')", [
+            curs.execute(db_change("insert into topic (id, title, sub, data, date, ip, block, top) values (?, ?, ?, ?, ?, ?, '', '1')"), [
                 str(int(topic_check[0][0]) + 1), 
                 name, 
                 sub, 
@@ -47,7 +47,7 @@ def topic_stop_2(conn, name, sub):
         stop_d_list = ''
         agree_check = ''
 
-        curs.execute("select stop, agree from rd where title = ? and sub = ? limit 1", [name, sub])
+        curs.execute(db_change("select stop, agree from rd where title = ? and sub = ? limit 1"), [name, sub])
         rd_d = curs.fetchall()
         if rd_d[0][0] == 'O':
             stop_d_list += '''

route/topic_tool.py

@@ -5,7 +5,7 @@ def topic_tool_2(conn, name, sub):
 
     data = ''
 
-    curs.execute("select stop, agree from rd where title = ? and sub = ?", [name, sub])
+    curs.execute(db_change("select stop, agree from rd where title = ? and sub = ?"), [name, sub])
     close_data = curs.fetchall()
     if close_data:
         if close_data[0][0] == 'S':

route/topic_top.py

@@ -6,15 +6,15 @@ def topic_top_2(conn, name, sub, num):
     if admin_check(3, 'notice (' + name + ' - ' + sub + '#' + str(num) + ')') != 1:
         return re_error('/error/3')
 
-    curs.execute("select title from topic where title = ? and sub = ? and id = ?", [name, sub, str(num)])
+    curs.execute(db_change("select title from topic where title = ? and sub = ? and id = ?"), [name, sub, str(num)])
     if curs.fetchall():
-        curs.execute("select top from topic where id = ? and title = ? and sub = ?", [str(num), name, sub])
+        curs.execute(db_change("select top from topic where id = ? and title = ? and sub = ?"), [str(num), name, sub])
         top_data = curs.fetchall()
         if top_data:
             if top_data[0][0] == 'O':
-                curs.execute("update topic set top = '' where title = ? and sub = ? and id = ?", [name, sub, str(num)])
+                curs.execute(db_change("update topic set top = '' where title = ? and sub = ? and id = ?"), [name, sub, str(num)])
             else:
-                curs.execute("update topic set top = 'O' where title = ? and sub = ? and id = ?", [name, sub, str(num)])
+                curs.execute(db_change("update topic set top = 'O' where title = ? and sub = ? and id = ?"), [name, sub, str(num)])
         
         rd_plus(name, sub, get_time())
 

route/user_count_edit.py

@@ -8,14 +8,14 @@ def user_count_edit_2(conn, name):
     else:
         that = name
 
-    curs.execute("select count(title) from history where ip = ?", [that])
+    curs.execute(db_change("select count(title) from history where ip = ?"), [that])
     count = curs.fetchall()
     if count:
         data = count[0][0]
     else:
         data = 0
 
-    curs.execute("select count(title) from topic where ip = ?", [that])
+    curs.execute(db_change("select count(title) from topic where ip = ?"), [that])
     count = curs.fetchall()
     if count:
         t_data = count[0][0]

route/user_custom_head_view.py

@@ -7,11 +7,11 @@ def user_custom_head_view_2(conn):
 
     if flask.request.method == 'POST':
         if ip_or_user(ip) == 0:
-            curs.execute("select user from custom where user = ?", [ip + ' (head)'])
+            curs.execute(db_change("select user from custom where user = ?"), [ip + ' (head)'])
             if curs.fetchall():
-                curs.execute("update custom set css = ? where user = ?", [flask.request.form.get('content', None), ip + ' (head)'])
+                curs.execute(db_change("update custom set css = ? where user = ?"), [flask.request.form.get('content', None), ip + ' (head)'])
             else:
-                curs.execute("insert into custom (user, css) values (?, ?)", [ip + ' (head)', flask.request.form.get('content', None)])
+                curs.execute(db_change("insert into custom (user, css) values (?, ?)"), [ip + ' (head)', flask.request.form.get('content', None)])
             
             conn.commit()
 
@@ -22,7 +22,7 @@ def user_custom_head_view_2(conn):
         if ip_or_user(ip) == 0:
             start = ''
 
-            curs.execute("select css from custom where user = ?", [ip + ' (head)'])
+            curs.execute(db_change("select css from custom where user = ?"), [ip + ' (head)'])
             head_data = curs.fetchall()
             if head_data:
                 data = head_data[0][0]

route/user_info.py

@@ -5,7 +5,7 @@ def user_info_2(conn):
 
     ip = ip_check()
 
-    curs.execute('select name from alarm where name = ? limit 1', [ip_check()])
+    curs.execute(db_change('select name from alarm where name = ? limit 1'), [ip_check()])
     if curs.fetchall():
         plus2 = '<li><a href="/alarm">' + load_lang('alarm') + ' (O)</a></li>'
     else:
@@ -26,7 +26,7 @@ def user_info_2(conn):
         '''
         plus3 = ''
 
-        curs.execute("select data from other where name = 'email_have'")
+        curs.execute(db_change("select data from other where name = 'email_have'"))
         test = curs.fetchall()
         if test and test[0][0] != '':
             plus += '<li><a href="/pass_find">' + load_lang('password_search') + '</a></li>'

route/user_setting.py

@@ -15,17 +15,17 @@ def user_setting_2(conn, server_init):
 
             for auto_data in auto_list:
                 if flask.request.form.get(auto_data, '') != '':
-                    curs.execute('select data from user_set where name = ? and id = ?', [auto_data, ip])
+                    curs.execute(db_change('select data from user_set where name = ? and id = ?'), [auto_data, ip])
                     if curs.fetchall():
-                        curs.execute("update user_set set data = ? where name = ? and id = ?", [flask.request.form.get(auto_data, ''), auto_data, ip])
+                        curs.execute(db_change("update user_set set data = ? where name = ? and id = ?"), [flask.request.form.get(auto_data, ''), auto_data, ip])
                     else:
-                        curs.execute("insert into user_set (name, id, data) values (?, ?, ?)", [auto_data, ip, flask.request.form.get(auto_data, '')])
+                        curs.execute(db_change("insert into user_set (name, id, data) values (?, ?, ?)"), [auto_data, ip, flask.request.form.get(auto_data, '')])
 
             conn.commit()
             
             return redirect('/change')
         else:        
-            curs.execute('select data from user_set where name = "email" and id = ?', [ip])
+            curs.execute(db_change('select data from user_set where name = "email" and id = ?'), [ip])
             data = curs.fetchall()
             if data:
                 email = data[0][0]
@@ -35,10 +35,10 @@ def user_setting_2(conn, server_init):
             div2 = load_skin()
             div3 = ''
 
-            curs.execute('select data from user_set where name = "lang" and id = ?', [flask.session['id']])
+            curs.execute(db_change('select data from user_set where name = "lang" and id = ?'), [flask.session['id']])
             data = curs.fetchall()
             if not data:
-                curs.execute('select data from other where name = "language"')
+                curs.execute(db_change('select data from other where name = "language"'))
                 data = curs.fetchall()
                 if not data:
                     data = [['en-US']]
@@ -52,7 +52,7 @@ def user_setting_2(conn, server_init):
             oauth_provider = load_oauth('_README')['support']
             oauth_content = '<ul>'
             for i in range(len(oauth_provider)):
-                curs.execute('select name, picture from oauth_conn where wiki_id = ? and provider = ?', [flask.session['id'], oauth_provider[i]])
+                curs.execute(db_change('select name, picture from oauth_conn where wiki_id = ? and provider = ?'), [flask.session['id'], oauth_provider[i]])
                 oauth_data = curs.fetchall()
                 if len(oauth_data) == 1:
                     oauth_content += '<li>{}</li>'.format(oauth_provider[i].capitalize() + ' : <img src="{}" width="17px" height="17px"> {}'.format(oauth_data[0][1], oauth_data[0][0]))

route/user_tool.py

@@ -12,7 +12,7 @@ def user_tool_2(conn, name):
     '''
             
     if admin_check(1) == 1:
-        curs.execute("select block from ban where block = ?", [name])
+        curs.execute(db_change("select block from ban where block = ?"), [name])
         if curs.fetchall():
             ban_name = load_lang('ban_release')
         else:

route/view_diff_data.py

@@ -9,14 +9,14 @@ def view_diff_data_2(conn, name):
     first = number_check(flask.request.args.get('first', '1'))
     second = number_check(flask.request.args.get('second', '1'))
 
-    curs.execute("select title from history where title = ? and (id = ? or id = ?) and hide = 'O'", [name, first, second])
+    curs.execute(db_change("select title from history where title = ? and (id = ? or id = ?) and hide = 'O'"), [name, first, second])
     if curs.fetchall() and admin_check(6) != 1:
         return re_error('/error/3')
 
-    curs.execute("select data from history where id = ? and title = ?", [first, name])
+    curs.execute(db_change("select data from history where id = ? and title = ?"), [first, name])
     first_raw_data = curs.fetchall()
     if first_raw_data:
-        curs.execute("select data from history where id = ? and title = ?", [second, name])
+        curs.execute(db_change("select data from history where id = ? and title = ?"), [second, name])
         second_raw_data = curs.fetchall()
         if second_raw_data:
             first_data = html.escape(first_raw_data[0][0])            

route/view_down.py

@@ -5,7 +5,7 @@ def view_down_2(conn, name):
 
     div = '<ul>'
 
-    curs.execute("select title from data where title like ?", [name + '/%'])
+    curs.execute(db_change("select title from data where title like ?"), [name + '/%'])
     for data in curs.fetchall():
         div += '<li><a href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a></li>'
         

route/view_raw.py

@@ -15,27 +15,27 @@ def view_raw_2(conn, name, sub_title, num):
             num = int(number_check(num))
     
     if not sub_title and num:
-        curs.execute("select title from history where title = ? and id = ? and hide = 'O'", [name, str(num)])
+        curs.execute(db_change("select title from history where title = ? and id = ? and hide = 'O'"), [name, str(num)])
         if curs.fetchall() and admin_check(6) != 1:
             return re_error('/error/3')
         
-        curs.execute("select data from history where title = ? and id = ?", [name, str(num)])
+        curs.execute(db_change("select data from history where title = ? and id = ?"), [name, str(num)])
         
         sub += ' (r' + str(num) + ')'
 
         menu = [['history/' + url_pas(name), load_lang('history')]]
     elif sub_title:
         if admin_check(6) != 1:
-            curs.execute("select data from topic where id = ? and title = ? and sub = ? and block = ''", [str(num), name, sub_title])
+            curs.execute(db_change("select data from topic where id = ? and title = ? and sub = ? and block = ''"), [str(num), name, sub_title])
         else:
-            curs.execute("select data from topic where id = ? and title = ? and sub = ?", [str(num), name, sub_title])
+            curs.execute(db_change("select data from topic where id = ? and title = ? and sub = ?"), [str(num), name, sub_title])
         
         v_name = load_lang('discussion_raw')
         sub = ' (#' + str(num) + ')'
 
         menu = [['topic/' + url_pas(name) + '/sub/' + url_pas(sub_title) + '#' + str(num), load_lang('discussion')], ['topic/' + url_pas(name) + '/sub/' + url_pas(sub_title) + '/admin/' + str(num), load_lang('return')]]
     else:
-        curs.execute("select data from data where title = ?", [name])
+        curs.execute(db_change("select data from data where title = ?"), [name])
         
         menu = [['w/' + url_pas(name), load_lang('return')]]
 

route/view_read.py

@@ -12,23 +12,23 @@ def view_read_2(conn, name):
         num = int(number_check(num))
     else:
         if not flask.request.args.get('from', None):
-            curs.execute("select title from back where link = ? and type = 'redirect'", [name])
+            curs.execute(db_change("select title from back where link = ? and type = 'redirect'"), [name])
             r_db = curs.fetchall()
             if r_db:
                 r_data = link_fix(r_db[0][0])
             
                 return redirect('/w/' + r_data[0] + '?from=' + name + r_data[1])
 
-    curs.execute("select sub from rd where title = ? and not stop = 'O' order by date desc", [name])
+    curs.execute(db_change("select sub from rd where title = ? and not stop = 'O' order by date desc"), [name])
     if curs.fetchall():
         sub += ' (' + load_lang('discussion') + ')'
         topic = 1
     else:
         topic = 0
 
-    curs.execute("select link from back where title = ? and type = 'cat' order by link asc", [name])
+    curs.execute(db_change("select link from back where title = ? and type = 'cat' order by link asc"), [name])
                 
-    curs.execute("select title from data where title like ?", ['%' + name + '/%'])
+    curs.execute(db_change("select title from data where title like ?"), ['%' + name + '/%'])
     if curs.fetchall():
         down = 1
     else:
@@ -41,7 +41,7 @@ def view_read_2(conn, name):
         uppage = 0
         
     if re.search('^category:', name):        
-        curs.execute("select link from back where title = ? and type = 'cat' order by link asc", [name])
+        curs.execute(db_change("select link from back where title = ? and type = 'cat' order by link asc"), [name])
         back = curs.fetchall()
         if back:
             div = '<br><h2 id="cate_normal">' + load_lang('category') + '</h2><ul>'
@@ -51,7 +51,7 @@ def view_read_2(conn, name):
                 if re.search('^category:', data[0]):
                     u_div += '<li><a href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a></li>'
                 else:
-                    curs.execute("select title from back where title = ? and type = 'include'", [data[0]])
+                    curs.execute(db_change("select title from back where title = ? and type = 'include'"), [data[0]])
                     db_data = curs.fetchall()
                     if db_data:
                         div += '<li><a href="/w/' + url_pas(data[0]) + '">' + data[0] + '</a> <a id="inside" href="/xref/' + url_pas(data[0]) + '">(' + load_lang('backlink') + ')</a></li>'
@@ -68,13 +68,13 @@ def view_read_2(conn, name):
 
 
     if num:
-        curs.execute("select title from history where title = ? and id = ? and hide = 'O'", [name, str(num)])
+        curs.execute(db_change("select title from history where title = ? and id = ? and hide = 'O'"), [name, str(num)])
         if curs.fetchall() and admin_check(6) != 1:
             return redirect('/history/' + url_pas(name))
 
-        curs.execute("select title, data from history where title = ? and id = ?", [name, str(num)])
+        curs.execute(db_change("select title, data from history where title = ? and id = ?"), [name, str(num)])
     else:
-        curs.execute("select title, data from data where title = ?", [name])
+        curs.execute(db_change("select title, data from data where title = ?"), [name])
     
     data = curs.fetchall()
     if data:
@@ -82,7 +82,7 @@ def view_read_2(conn, name):
     else:
         else_data = None
 
-    curs.execute("select decu from acl where title = ?", [name])
+    curs.execute(db_change("select decu from acl where title = ?"), [name])
     data = curs.fetchall()
     if data:
         acl += ' (' + load_lang('acl') + ')'
@@ -99,7 +99,7 @@ def view_read_2(conn, name):
     if end_data == 'HTTP Request 401.3':
         response_data = 401
         
-        curs.execute('select data from other where name = "error_401"')
+        curs.execute(db_change('select data from other where name = "error_401"'))
         sql_d = curs.fetchall()
         if sql_d and sql_d[0][0] != '':
             end_data = '<h2>' + load_lang('error') + '</h2><ul><li>' + sql_d[0][0] + '</li></ul>'
@@ -108,14 +108,14 @@ def view_read_2(conn, name):
     elif end_data == 'HTTP Request 404':
         response_data = 404
         
-        curs.execute('select data from other where name = "error_404"')
+        curs.execute(db_change('select data from other where name = "error_404"'))
         sql_d = curs.fetchall()
         if sql_d and sql_d[0][0] != '':
             end_data = '<h2>' + load_lang('error') + '</h2><ul><li>' + sql_d[0][0] + '</li></ul>'
         else:
             end_data = '<h2>' + load_lang('error') + '</h2><ul><li>' + load_lang('decument_404_error') + '</li></ul>'
             
-        curs.execute('select ip, date, leng, send from history where title = ? order by id desc limit 3', [name])
+        curs.execute(db_change('select ip, date, leng, send from history where title = ? order by id desc limit 3'), [name])
         sql_d = curs.fetchall()
         if sql_d:
             end_data += '<h2>' + load_lang('history') + '</h2><ul>'
@@ -161,7 +161,7 @@ def view_read_2(conn, name):
         if down:
             menu += [['down/' + url_pas(name), load_lang('sub')]]
     
-        curs.execute("select date from history where title = ? order by date desc limit 1", [name])
+        curs.execute(db_change("select date from history where title = ? order by date desc limit 1"), [name])
         date = curs.fetchall()
         if date:
             r_date = date[0][0]
@@ -172,20 +172,20 @@ def view_read_2(conn, name):
             
     adsense_code = '<div align="center" style="display: block; margin-bottom: 10px;">{}</div>'
 
-    curs.execute("select data from other where name = 'adsense'")
+    curs.execute(db_change("select data from other where name = 'adsense'"))
     adsense_enabled = curs.fetchall()[0][0]
     if adsense_enabled == 'True':
-        curs.execute("select data from other where name = 'adsense_code'")
+        curs.execute(db_change("select data from other where name = 'adsense_code'"))
         adsense_code = adsense_code.format(curs.fetchall()[0][0])
     else:
         adsense_code = adsense_code.format('')
 
-    curs.execute("select data from other where name = 'body'")
+    curs.execute(db_change("select data from other where name = 'body'"))
     body = curs.fetchall()
     if body:
         div = body[0][0] + '<hr class=\"main_hr\">' + div
         
-    curs.execute("select data from other where name = 'bottom_body'")
+    curs.execute(db_change("select data from other where name = 'bottom_body'"))
     body = curs.fetchall()
     if body:
         div += '<hr class=\"main_hr\">' + body[0][0]

route/view_xref.py

@@ -17,11 +17,11 @@ def view_xref_2(conn, name):
     if re.search('#', name):
         name = re.sub('#', '\\\\#', name)
     
-    curs.execute("" + \
+    curs.execute(db_change("" + \
         "select link, type from back " + \
         "where (title = ? and not type = 'cat' and not type = 'no') or (title like ? and type = 'redirect')" + \
         "order by link asc limit ?, '50'" + \
-    "", [
+    ""), [
         name,
         name + '#s-%',
         str(sql_num)
@@ -33,7 +33,7 @@ def view_xref_2(conn, name):
         if data[1]:                
             div += ' (' + data[1] + ')'
         
-        curs.execute("select title from back where title = ? and type = 'include'", [data[0]])
+        curs.execute(db_change("select title from back where title = ? and type = 'include'"), [data[0]])
         db_data = curs.fetchall()
         if db_data:
             div += ' <a id="inside" href="/xref/' + url_pas(data[0]) + '">(' + load_lang('backlink') + ')</a>'

route/watch_list.py

@@ -9,10 +9,10 @@ def watch_list_2(conn):
     if ip_or_user(ip) != 0:
         return redirect('/login')
 
-    curs.execute("delete from scan where user = ? and title = ''", [ip])
+    curs.execute(db_change("delete from scan where user = ? and title = ''"), [ip])
     conn.commit()
 
-    curs.execute("select title from scan where user = ?", [ip])
+    curs.execute(db_change("select title from scan where user = ?"), [ip])
     data = curs.fetchall()
     for data_list in data:
         div += '<li><a href="/w/' + url_pas(data_list[0]) + '">' + data_list[0] + '</a> <a href="/watch_list/' + url_pas(data_list[0]) + '">(' + load_lang('delete') + ')</a></li>'

route/watch_list_name.py

@@ -7,16 +7,16 @@ def watch_list_name_2(conn, name):
     if ip_or_user(ip) != 0:
         return redirect('/login')
 
-    curs.execute("select count(title) from scan where user = ?", [ip])
+    curs.execute(db_change("select count(title) from scan where user = ?"), [ip])
     count = curs.fetchall()
     if count and count[0][0] > 9:
         return redirect('/watch_list')
 
-    curs.execute("select title from scan where user = ? and title = ?", [ip, name])
+    curs.execute(db_change("select title from scan where user = ? and title = ?"), [ip, name])
     if curs.fetchall():
-        curs.execute("delete from scan where user = ? and title = ?", [ip, name])
+        curs.execute(db_change("delete from scan where user = ? and title = ?"), [ip, name])
     else:
-        curs.execute("insert into scan (user, title) values (?, ?)", [ip, name])
+        curs.execute(db_change("insert into scan (user, title) values (?, ?)"), [ip, name])
     
     conn.commit()