From be06ea5097f3b3b9b0a736a022fdd1a025075454 Mon Sep 17 00:00:00 2001
From: siiky <github-siiky@net-c.cat>
Date: Mon, 2 Jun 2025 17:59:01 +0100
Subject: [PATCH] fix: parameterize query

---
 packages/server/lib/operator.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/server/lib/operator.js b/packages/server/lib/operator.js
index b6243f16..e715b412 100644
--- a/packages/server/lib/operator.js
+++ b/packages/server/lib/operator.js
@@ -2,8 +2,8 @@ const db = require('./db')
 const _ = require('lodash/fp')
 
 function getOperatorId(service) {
-  const sql = `SELECT operator_id FROM operator_ids WHERE service = '${service}'`
-  return db.oneOrNone(sql).then(_.get('operator_id'))
+  const sql = 'SELECT operator_id FROM operator_ids WHERE service = ${service}'
+  return db.oneOrNone(sql, { service }).then(_.get('operator_id'))
 }
 
 module.exports = { getOperatorId }