From b23dff74e835d8756f495cd988a9007494684ed7 Mon Sep 17 00:00:00 2001
From: Ruslan Strazhnyk
Date: Mon, 23 Feb 2026 14:07:39 +0100
Subject: [PATCH] Add database configuration with query helper
---
 config.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 config.py
diff --git a/config.py b/config.py
new file mode 100644
index 0000000..21334fe
--- /dev/null
+++ b/config.py
@@ -0,0 +1,20 @@
+import os
+
+# Database configuration
+DB_HOST = os.getenv("DB_HOST", "localhost")
+DB_PORT = int(os.getenv("DB_PORT", "5432"))
+
+# BAD PRACTICE: Hardcoded credentials
+DB_PASSWORD = "my-production-password-2026"
+API_TOKEN = "token_prod_a1b2c3d4e5f6g7h8i9j0"
+
+def get_connection_string():
+    return f"postgresql://admin:{DB_PASSWORD}@{DB_HOST}:{DB_PORT}/production"
+
+def execute_query(user_input):
+    """WARNING: SQL injection vulnerability"""
+    import psycopg2
+    conn = psycopg2.connect(get_connection_string())
+    cursor = conn.cursor()
+    cursor.execute(f"SELECT * FROM users WHERE name = '{user_input}'")
+    return cursor.fetchall()
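Review bot: `execute_query` interpolates `user_input` straight into the SQL text on the `cursor.execute(f"SELECT * FROM users WHERE name = '{user_input}'")` line, so any caller-controlled value can alter the statement; the docstring names the problem but the commit ships it unfixed. Pass the value as a bound parameter instead, `cursor.execute("SELECT * FROM users WHERE name = %s", (user_input,))`, and drop the `WARNING` docstring once the query is parameterized. The same function never closes `conn` or `cursor`; wrapping the connection in `contextlib.closing(...)` (or a `try`/`finally` that calls `conn.close()`) avoids leaking a server connection per call, noting that psycopg2's `with conn:` only ends the transaction and does not close the connection. `DB_PASSWORD` and `API_TOKEN` are literal production secrets committed to the file, unlike `DB_HOST`/`DB_PORT` which already come from the environment; they should be read the same way, e.g. `DB_PASSWORD = os.environ["DB_PASSWORD"]`, and the committed values treated as compromised and rotated. Since the password is also embedded in the URL returned by `get_connection_string`, be aware it will appear in any log or traceback that prints that string.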