From ea2d418a53223f4bab5c8ad6ef532b15b51af2da Mon Sep 17 00:00:00 2001
From: Howl <the@howl.moe>
Date: Thu, 7 Apr 2016 12:43:39 +0200
Subject: [PATCH] more `LIMIT 1`s

---
 app/v1/token.go | 2 +-
 app/v1/user.go  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/v1/token.go b/app/v1/token.go
index c5f49d7..9179245 100644
--- a/app/v1/token.go
+++ b/app/v1/token.go
@@ -111,7 +111,7 @@ func TokenNewPOST(md common.MethodData) (r common.Response) {
 		ret.Token = tokenStr
 		id := 0
 
-		err := md.DB.QueryRow("SELECT id FROM tokens WHERE token=?", tokenMD5).Scan(&id)
+		err := md.DB.QueryRow("SELECT id FROM tokens WHERE token=? LIMIT 1", tokenMD5).Scan(&id)
 		if err == sql.ErrNoRows {
 			break
 		}
diff --git a/app/v1/user.go b/app/v1/user.go
index ddee2b6..13c744c 100644
--- a/app/v1/user.go
+++ b/app/v1/user.go
@@ -130,7 +130,7 @@ func UserWhatsTheIDGET(md common.MethodData) common.Response {
 		id      int
 		allowed int
 	)
-	err := md.DB.QueryRow("SELECT id, allowed FROM users WHERE username = ?", md.C.Param("username")).Scan(&id, &allowed)
+	err := md.DB.QueryRow("SELECT id, allowed FROM users WHERE username = ? LIMIT 1", md.C.Param("username")).Scan(&id, &allowed)
 	if err != nil || allowed != 1 {
 		return common.Response{
 			Code:    404,