[chronojump/chronojump-importer] Avoids concatenating where values using a string - uses sqlite3 python placeholders.



commit ce8572a1f656fb0a516099d81f99cf2d0b64558a
Author: Carles Pina i Estany <carles pina cat>
Date:   Mon Sep 5 18:39:31 2016 +0100

    Avoids concatenating where values using a string - uses sqlite3 python placeholders.

 src/chronojump-importer/chronojump_importer.py |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/src/chronojump-importer/chronojump_importer.py b/src/chronojump-importer/chronojump_importer.py
index e55b4d2..97e254a 100755
--- a/src/chronojump-importer/chronojump_importer.py
+++ b/src/chronojump-importer/chronojump_importer.py
@@ -58,16 +58,18 @@ def insert_data_into_table(cursor, table_name, data, matches_columns):
             if len(matches_columns) == 0:
                 where = "1=1"
             else:
+                where_values = []
                 for column in matches_columns:
                     if where != "":
                         where += " AND "
-                    where += "{} = '{}'".format(column, row[column])
+                    where += "{} = ?".format(column)
+                    where_values.append(row[column])
 
             format_data = {}
             format_data['table_name'] = table_name
             format_data['where_clause'] = " WHERE {}".format(where)
             sql = "SELECT uniqueID FROM {table_name} {where_clause}".format(**format_data)
-            execute_and_log(cursor, sql)
+            cursor.execute(sql, where_values)
 
             results = cursor.fetchall()
 
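Review bot: `where_values` is assigned only inside the `else:` branch, so when `matches_columns` is empty (the `where = "1=1"` path) the new `cursor.execute(sql, where_values)` raises a NameError unless the name is initialised above the hunk; moving `where_values = []` to just before `if len(matches_columns) == 0:` covers both branches. The placeholders protect only the values: `column` and `table_name` are still formatted into the SQL text. Identifiers cannot be bound as parameters, so they should be checked against the known schema names if they can ever derive from untrusted input. The call also changes from `execute_and_log` to `cursor.execute`, so this SELECT presumably no longer appears in the log; teaching `execute_and_log` to accept a parameter list would keep that trail. The body of `insert_data_into_table` starts and ends outside the hunk.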

