- if query_db('select * from choices where id = ?', [request.form['choice']], one=True) is not None:
- g.db.execute('insert into user_choice (id_user, id_choice) values (?, ?)',
- [session.get('user').get('id'), request.form['choice']])
+ choice = request.form['choice']
+ if choice in [str(c['id']) for c in choices] \
+ and query_db('select * from choices where id = ?', [choice], one=True) is not None:
+ g.db.execute('insert into user_choice (id_user, id_choice) values (?, ?)',
+ [session.get('user').get('id'), request.form['choice']])
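Review bot: The insert in the last two added lines still binds `request.form['choice']` instead of the `choice` value that was just validated; binding `[session.get('user').get('id'), choice]` keeps the checked value and the stored value visibly the same. In the lines shown, a submitted id that fails the `choices` membership test falls through with no response or log entry, so tampered form values go unnoticed; an explicit rejection (for example Flask's `abort(403)`) plus a log line would surface them. `session.get('user').get('id')` raises AttributeError when the session has no user, so this path depends on an authentication check that, like the definition of `choices`, is outside the hunk. The enclosing view starts and ends outside the hunk.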