From 6cca55e37f0bce389c3094c5aae07ed1bbed3297 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Wed, 17 Sep 2025 10:50:35 -0400
Subject: [PATCH] fix: use parameterized query for key lookup

---
 src/database/postgres/main.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/database/postgres/main.js b/src/database/postgres/main.js
index c0838b45a0..5b3c7f7e9d 100644
--- a/src/database/postgres/main.js
+++ b/src/database/postgres/main.js
@@ -85,7 +85,8 @@ module.exports = function (module) {
 			text: `
 		SELECT o."_key"
 		FROM "legacy_object_live" o
-		WHERE o."_key" LIKE '${match}'`,
+		WHERE o."_key" LIKE $1`,
+			values: [match],
 		});
 
 		return res.rows.map(r => r._key);