Avoid fstring in queries (#554)

* Avoid fstring in queries

* Reorder import

* chore: update changelog

---------

Co-authored-by: Pete Gadomski <[email protected]>

Author: alukach

CHANGES.md

@@ -6,6 +6,10 @@
 
 * Default branch to **main** ([#544](https://github.com/stac-utils/stac-fastapi/pull/544))
 
+### Fixed
+
+* Use `V()` instead of f-strings for pgstac queries ([#554](https://github.com/stac-utils/stac-fastapi/pull/554))
+
 ## [2.4.4] - 2023-03-09
 
 ### Added

stac_fastapi/pgstac/stac_fastapi/pgstac/db.py

@@ -7,7 +7,7 @@
 import attr
 import orjson
 from asyncpg import exceptions, pool
-from buildpg import asyncpg, render
+from buildpg import V, asyncpg, render
 from fastapi import FastAPI
 
 from stac_fastapi.types.errors import (
@@ -66,18 +66,20 @@ async def dbfunc(pool: pool, func: str, arg: Union[str, Dict]):
         if isinstance(arg, str):
             async with pool.acquire() as conn:
                 q, p = render(
-                    f"""
-                        SELECT * FROM {func}(:item::text);
-                        """,
+                    """
+                    SELECT * FROM :func(:item::text);
+                    """,
+                    func=V(func),
                     item=arg,
                 )
                 return await conn.fetchval(q, *p)
         else:
             async with pool.acquire() as conn:
                 q, p = render(
-                    f"""
-                        SELECT * FROM {func}(:item::text::jsonb);
-                        """,
+                    """
+                    SELECT * FROM :func(:item::text::jsonb);
+                    """,
+                    func=V(func),
                     item=json.dumps(arg),
                 )
                 return await conn.fetchval(q, *p)