From ef8e2d4089e30d379cbe912e59f61c7b8b186f7d Mon Sep 17 00:00:00 2001
From: Niels Thykier <niels@thykier.net>
Date: Sun, 7 Jun 2015 11:30:21 +0200
Subject: [PATCH 1/1] auto-decruft: Use bind variables

Signed-off-by: Niels Thykier <niels@thykier.net>
---
 dak/auto_decruft.py | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/dak/auto_decruft.py b/dak/auto_decruft.py
index e8ff995f..38e3b8c5 100644
--- a/dak/auto_decruft.py
+++ b/dak/auto_decruft.py
@@ -131,17 +131,20 @@ def removeNBS(suite_name, suite_id, session, dryrun):
             for architecture in arch_list:
                 if architecture in arch2ids:
                     arch2ids[architecture] = utils.get_architecture(architecture, session=session)
-            arch_ids = ", ".join(arch2ids[architecture] for architecture in arch_list)
-            pkg_db_set = ", ".join('"%s"' % package for package in pkg_list)
-            # TODO: Fix this properly to remove the remaining non-bind arguments
+            arch_ids = tuple(arch2ids[architecture] for architecture in arch_list)
+            params = {
+                suite_id: suite_id,
+                arch_ids: arch2ids,
+                pkg_list: tuple(pkg_list),
+            }
             q = session.execute("""
             SELECT b.package, b.version, a.arch_string, b.id
             FROM binaries b
                 JOIN bin_associations ba ON b.id = ba.bin
                 JOIN architecture a ON b.architecture = a.id
                 JOIN suite su ON ba.suite = su.id
-            WHERE a.id IN (%s) AND b.package IN (%s) AND su.id = :suite_id
-            """ % (arch_ids, pkg_db_set), { suite_id: suite_id})
+            WHERE a.id IN :arch_ids AND b.package IN :pkg_db_set AND su.id = :suite_id
+            """, params)
             remove(session, message, [suite_name], list(q), partial=True, whoami="DAK's auto-decrufter")
 
 ################################################################################
-- 
2.39.2