From 3bdd1fcb1f0fbb7f00bc9a22f17d00ff8044cafc Mon Sep 17 00:00:00 2001
From: Clemens Berteld <clemens@berteld.com>
Date: Sun, 5 Sep 2021 19:44:18 +0200
Subject: [PATCH] Added some comments

---
 dataacquisition/api.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/dataacquisition/api.py b/dataacquisition/api.py
index 34df101..6f6dac0 100644
--- a/dataacquisition/api.py
+++ b/dataacquisition/api.py
@@ -13,9 +13,9 @@ app.config['TESTING'] = False
 
 @app.route('/', methods=['GET'])
 def index():
-    columns = sql.SQL(' * ')
-    wheres = sql.SQL('')
-    values = ''  # Gets used in cursor.execute()s' second parameter for safety reasons
+    columns = sql.SQL(' * ')    # columns to be queried (e.g. years)
+    wheres = sql.SQL('')        # where filters
+    values = ''                 # Used in second parameter of cursor.execute() (Avoids SQL injection)
 
     if 'id' in request.args:
         station_id = request.args['id']
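Review bot: The new comment on `values` credits the second parameter of `cursor.execute()` with avoiding SQL injection, but that protection covers only the bound values. `columns` and `wheres` on the two lines above are `sql.SQL` objects, which (presumably psycopg2's `sql` module) are placed into the query text without any escaping. Whether the request-derived parts such as `station_id` reach the query safely cannot be checked here, because index() continues outside the hunk. I would have the comments state the rule, e.g. `# where filters; request-derived names go through sql.Identifier, values through sql.Placeholder, never sql.SQL(user_input)`. Initialising `values` as `()` rather than `''` would also match the tuple it is later extended into.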
@@ -41,7 +41,8 @@ def index():
     #         values = (*values, n)  # adding n to existing tuple
 
     query = sql.SQL("SELECT array_to_json(array_agg(row_to_json(t))) from ("
-                    "SELECT {} FROM stations WHERE lon IS NOT NULL "
+                    "SELECT {} FROM stations "
+                    "WHERE lon IS NOT NULL "    # Unnecessary filter, just so the real filters can always be written with AND
                     "{} "
                     ") t;").format(columns, wheres)
 
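Review bot: The added comment calls `lon IS NOT NULL` an unnecessary filter, yet the condition still drops every station row whose `lon` is NULL, unless the column is declared NOT NULL, which is not visible here. If it is meant purely as an anchor so later clauses can start with `AND`, `"WHERE TRUE "` says that without affecting results. Otherwise reword the comment, e.g. `# base condition so later filters can always start with AND; also excludes stations without lon`. The long trailing comment inside the string concatenation would read better on its own line above the `sql.SQL(` call. index() begins outside this hunk.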
-- 
GitLab