Core/DBLayer: Convert PQuery() queries to prepared statements

leak
2012-03-24 01:25:08 +01:00
parent 8e96b86715
commit 12e55a04bb
37 changed files with 1037 additions and 457 deletions


@@ -125,29 +125,44 @@ void commandFinished(void*, bool /*success*/)
*/
bool ChatHandler::GetDeletedCharacterInfoList(DeletedInfoList& foundList, std::string searchString)
{
QueryResult resultChar;
PreparedQueryResult result;
PreparedStatement* stmt;
if (!searchString.empty())
{
// search by GUID
if (isNumeric(searchString.c_str()))
resultChar = CharacterDatabase.PQuery("SELECT guid, deleteInfos_Name, deleteInfos_Account, deleteDate FROM characters WHERE deleteDate IS NOT NULL AND guid = %u", uint64(atoi(searchString.c_str())));
{
stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_CHAR_DEL_INFO_BY_GUID);
stmt->setUInt32(0, uint32(atoi(searchString.c_str())));
result = CharacterDatabase.Query(stmt);
}
// search by name
else
{
if (!normalizePlayerName(searchString))
return false;
resultChar = CharacterDatabase.PQuery("SELECT guid, deleteInfos_Name, deleteInfos_Account, deleteDate FROM characters WHERE deleteDate IS NOT NULL AND deleteInfos_Name " _LIKE_ " " _CONCAT3_("'%%'", "'%s'", "'%%'"), searchString.c_str());
stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_CHAR_DEL_INFO_BY_NAME);
stmt->setString(0, searchString);
result = CharacterDatabase.Query(stmt);
}
}
else
resultChar = CharacterDatabase.Query("SELECT guid, deleteInfos_Name, deleteInfos_Account, deleteDate FROM characters WHERE deleteDate IS NOT NULL");
{
stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_CHAR_DEL_INFO);
if (resultChar)
result = CharacterDatabase.Query(stmt);
}
if (result)
{
do
{
Field* fields = resultChar->Fetch();
Field* fields = result->Fetch();
DeletedInfo info;
@@ -161,7 +176,7 @@ bool ChatHandler::GetDeletedCharacterInfoList(DeletedInfoList& foundList, std::s
info.deleteDate = time_t(fields[3].GetUInt32());
foundList.push_back(info);
} while (resultChar->NextRow());
} while (result->NextRow());
}
return true;
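Review bot: The GUID branch still converts the search string with `atoi` before the new `stmt->setUInt32(0, ...)` call, so a digit string beyond the `int` range gives undefined behaviour in `atoi` and an arbitrary GUID after the `uint32` cast. Binding the parameter removes the injection risk but not this range problem; parsing with `strtoul(searchString.c_str(), NULL, 10)` and returning false when the value does not fit in 32 bits would make the lookup deterministic. In the name branch, `setString(0, searchString)` does not neutralise `%` or `_`, so if CHAR_SEL_CHAR_DEL_INFO_BY_NAME keeps the LIKE match of the removed query (its text is not shown here), those characters still act as wildcards. The function body continues between and beyond the two hunks shown.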


@@ -174,12 +174,15 @@ int RASocket::process_command(const std::string& command)
int RASocket::check_access_level(const std::string& user)
{
std::string safe_user = user;
std::string safeUser = user;
AccountMgr::normalizeString(safe_user);
LoginDatabase.EscapeString(safe_user);
AccountMgr::normalizeString(safeUser);
QueryResult result = LoginDatabase.PQuery("SELECT a.id, aa.gmlevel, aa.RealmID FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = '%s'", safe_user.c_str());
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_ACCESS);
stmt->setString(0, safeUser);
PreparedQueryResult result = LoginDatabase.Query(stmt);
if (!result)
{
@@ -207,19 +210,20 @@ int RASocket::check_password(const std::string& user, const std::string& pass)
{
std::string safe_user = user;
AccountMgr::normalizeString(safe_user);
LoginDatabase.EscapeString(safe_user);
std::string safe_pass = pass;
AccountMgr::normalizeString(safe_pass);
LoginDatabase.EscapeString(safe_pass);
std::string hash = AccountMgr::CalculateShaPassHash(safe_user, safe_pass);
QueryResult check = LoginDatabase.PQuery(
"SELECT 1 FROM account WHERE username = '%s' AND sha_pass_hash = '%s'",
safe_user.c_str(), hash.c_str());
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_CHECK_PASSWORD_BY_NAME);
if (!check)
stmt->setString(0, safe_user);
stmt->setString(1, hash);
PreparedQueryResult result = LoginDatabase.Query(stmt);
if (!result)
{
sLog->outRemote("Wrong password for user: %s", user.c_str());
return -1;
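Review bot: The locals `safeUser`, `safe_user` and `safe_pass` keep the "safe" prefix although, with `EscapeString` removed, they are now only normalized. A short comment at each `setString` call, such as `// normalized only; SQL safety comes from parameter binding, do not escape`, would stop a later edit from re-adding escaping and matching against doubly escaped values. check_access_level was renamed to `safeUser` while check_password keeps `safe_user`, so one spelling should be chosen for both. In check_password, `CalculateShaPassHash` now receives the unescaped password, which changes the looked-up hash for any password containing characters that `EscapeString` would have altered; this looks intended, but it is worth stating in the commit description. Both function bodies continue outside their hunks.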