From 29fc5c669deb611a63452bd500a944bb34070bc5 Mon Sep 17 00:00:00 2001
From: Stephen Horvath <s.horvath@outlook.com.au>
Date: Sun, 13 Aug 2023 14:59:38 +1000
Subject: [PATCH] Use SQL parameters here too, just in case

---
 pialert/plugin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pialert/plugin.py b/pialert/plugin.py
index 5777e660..f86435ab 100755
--- a/pialert/plugin.py
+++ b/pialert/plugin.py
@@ -517,7 +517,7 @@ def process_plugin_events(db, plugin, pluginsState):
             sql.execute ("UPDATE Plugins_Objects set Plugin = ?, DateTimeChanged = ?, Watched_Value1 = ?, Watched_Value2 = ?, Watched_Value3 = ?, Watched_Value4 = ?, Status = ?, Extra = ?, ForeignKey = ? WHERE \"Index\" = ?", (plugObj.pluginPref, plugObj.changed, plugObj.watched1, plugObj.watched2, plugObj.watched3, plugObj.watched4, plugObj.status, plugObj.extra, plugObj.foreignKey, plugObj.index))
 
     # Update the Plugins_Events with the new statuses    
-    sql.execute (f'DELETE FROM Plugins_Events where Plugin = "{pluginPref}"')
+    sql.execute ('DELETE FROM Plugins_Events where Plugin = ?', pluginPref)
 
     for plugObj in pluginEvents: