Replaced one-pager with multiple pages and fixed security bugs

pilots.go

@@ -72,6 +72,11 @@ func handleCreatePilot(w http.ResponseWriter, r *http.Request) {
 		writeError(w, http.StatusBadRequest, "missing_fields")
 		return
 	}
+	if len(p.Number) > 32 || len(p.LastName) > 128 || len(p.FirstName) > 128 ||
+		len(p.Country) > 64 || len(p.BalloonID) > 64 {
+		writeError(w, http.StatusBadRequest, "too_long")
+		return
+	}
 	res, err := db.Exec(
 		"INSERT INTO pilots(competition_id,number,last_name,first_name,country,balloon_id) VALUES(?,?,?,?,?,?)",
 		id, p.Number, p.LastName, p.FirstName, p.Country, p.BalloonID,