-rw-r--r-- | api/api.py | 12 | ||||
-rw-r--r-- | api/forum.db | bin | 20480 -> 0 bytes |
2 files changed, 6 insertions, 6 deletions
@@ -71,16 +71,16 @@ def remove_message():
 cur = db.cursor()
 token = request.form['token']
 message_id = request.form['message_id']
- res = cur.execute(f"SELECT user_id FROM user WHERE token='{token}'")
+ res = cur.execute("SELECT user_id FROM user WHERE token= ?", (token,))
 res = res.fetchone()
 if res is not None:
 (user_id,) = res
- res = cur.execute(f"SELECT message_id, user_id FROM message WHERE message_id='{message_id}'")
+ res = cur.execute("SELECT message_id, user_id FROM message WHERE message_id= ?", (message_id,))
 res = res.fetchone()
 if res is not None:
 (message_id, message_user_id) = res
 if message_user_id == user_id:
- cur.execute(f"DELETE FROM message WHERE message_id='{message_id}'")
+ cur.execute("DELETE FROM message WHERE message_id= ?", (message_id,))
 db.commit()
 return Response(status=HTTPStatus.NO_CONTENT)
 else:
@@ -97,16 +97,16 @@ def edit_message():
 token = request.form['token']
 message_id = request.form['message_id']
 new_message = request.form['message']
- res = cur.execute(f"SELECT user_id FROM user WHERE token='{token}'")
+ res = cur.execute("SELECT user_id FROM user WHERE token = ?", (token,))
 res = res.fetchone()
 if res is not None and new_message is not None:
 (user_id,) = res
- res = cur.execute(f"SELECT message_id, user_id FROM message WHERE message_id='{message_id}'")
+ res = cur.execute("SELECT message_id, user_id FROM message WHERE message_id= ?", (message_id,))
 res = res.fetchone()
 if res is not None:
 (message_id, message_user_id) = res
 if message_user_id == user_id:
- cur.execute(f"UPDATE message SET message = '{new_message}' WHERE message_id='{message_id}'");
+ cur.execute("UPDATE message SET message = ? WHERE message_id= ?", (new_message, message_id));
 db.commit()
 return Response(status=HTTPStatus.NO_CONTENT)
 else:
diff --git a/api/forum.db b/api/forum.db Binary files differdeleted file mode 100644
index ef88bf9..0000000
--- a/api/forum.db
+++ /dev/null |
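Review bot: The ownership check in remove_message is still enforced only in Python (`if message_user_id == user_id:`), ahead of a DELETE keyed on message_id alone. Binding the owner into the statement makes the authorization part of the write itself: `cur.execute("DELETE FROM message WHERE message_id = ? AND user_id = ?", (message_id, user_id))`. The UPDATE in the edit_message hunk has the same shape and would take `AND user_id = ?` in the same way. If the driver is sqlite3, as the forum.db file suggests, `cur.rowcount` afterwards tells a real delete apart from a no-op. The function body continues past `else:` outside the hunk.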
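Review bot: The `new_message is not None` guard in edit_message can never be false, because `request.form['message']` either returns a string or raises on a missing key, so an empty message is accepted and written. Reading it with `new_message = request.form.get('message')` and testing `if res is not None and new_message:` would make the guard effective. The message text is stored verbatim, so whatever renders messages (not visible here) must escape it on output; the bound parameter only covers the SQL side. The trailing `;` on the UPDATE line and the mixed `token= ?` / `token = ?` spacing could be tidied in the same pass. The function continues after `else:` outside the hunk.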