refactor: Update SQL queries to use parameterized queries in trading_plan.py

src/trading/trading_plan.py

@@ -329,12 +329,15 @@ def link_trades_to_plan(plan_id: int, trade_ids: List[int]) -> bool:
         try:
             # Update trades to link them to the plan
             trade_ids_str = ", ".join(map(str, trade_ids))
-            query = f"""
+            query = """
                 ALTER TABLE stock_db.trades
-                UPDATE plan_id = {plan_id}
+                UPDATE plan_id = %(plan_id)s
-                WHERE id IN ({trade_ids_str})
+                WHERE id IN (%(trade_ids)s)
             """
-            client.command(query)
+            client.command(query, {
+                'plan_id': plan_id,
+                'trade_ids': trade_ids_str
+            })
             return True
         except Exception as e:
             print(f"Error linking trades to plan: {e}")
@@ -343,13 +346,13 @@ def link_trades_to_plan(plan_id: int, trade_ids: List[int]) -> bool:
 def get_plan_trades(plan_id: int) -> List[dict]:
     """Get all trades associated with a trading plan"""
     with create_client() as client:
-        query = f"""
+        query = """
             SELECT *
             FROM stock_db.trades
-            WHERE plan_id = {plan_id}
+            WHERE plan_id = %(plan_id)s
             ORDER BY entry_date DESC
         """
-        result = client.query(query)
+        result = client.query(query, {'plan_id': plan_id})
         return [dict(zip(
             ['id', 'position_id', 'ticker', 'entry_date', 'shares', 'entry_price',
              'target_price', 'stop_loss', 'strategy', 'order_type', 'direction',