Core/DBLayer: Convert PQuery() queries to prepared statements

src/server/worldserver/RemoteAccess/RASocket.cpp

@@ -174,12 +174,15 @@ int RASocket::process_command(const std::string& command)
 
 int RASocket::check_access_level(const std::string& user)
 {
-    std::string safe_user = user;
+    std::string safeUser = user;
 
-    AccountMgr::normalizeString(safe_user);
-    LoginDatabase.EscapeString(safe_user);
+    AccountMgr::normalizeString(safeUser);
 
-    QueryResult result = LoginDatabase.PQuery("SELECT a.id, aa.gmlevel, aa.RealmID FROM account a LEFT JOIN account_access aa ON (a.id = aa.id) WHERE a.username = '%s'", safe_user.c_str());
+
+
+    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_ACCESS);
+    stmt->setString(0, safeUser);
+    PreparedQueryResult result = LoginDatabase.Query(stmt);
 
     if (!result)
     {
@@ -207,19 +210,20 @@ int RASocket::check_password(const std::string& user, const std::string& pass)
 {
     std::string safe_user = user;
     AccountMgr::normalizeString(safe_user);
-    LoginDatabase.EscapeString(safe_user);
 
     std::string safe_pass = pass;
     AccountMgr::normalizeString(safe_pass);
-    LoginDatabase.EscapeString(safe_pass);
 
     std::string hash = AccountMgr::CalculateShaPassHash(safe_user, safe_pass);
 
-    QueryResult check = LoginDatabase.PQuery(
-            "SELECT 1 FROM account WHERE username = '%s' AND sha_pass_hash = '%s'",
-            safe_user.c_str(), hash.c_str());
+    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_CHECK_PASSWORD_BY_NAME);
 
-    if (!check)
+    stmt->setString(0, safe_user);
+    stmt->setString(1, hash);
+
+    PreparedQueryResult result = LoginDatabase.Query(stmt);
+
+    if (!result)
     {
         sLog->outRemote("Wrong password for user: %s", user.c_str());
         return -1;