Core/DBLayer: Convert PExecute() queries to prepared statements No. 3

2026-01-29 21:32:52 +01:00 · 2011-12-31 00:32:05 +01:00
parent ded31adfa1
commit 8adac3f246
21 changed files with 449 additions and 132 deletions
--- a/src/server/scripts/Commands/cs_account.cpp
+++ b/src/server/scripts/Commands/cs_account.cpp
@@ -388,8 +388,13 @@ public:
        if (expansion < 0 || uint8(expansion) > sWorld->getIntConfig(CONFIG_EXPANSION))
            return false;

-        // No SQL injection
-        LoginDatabase.PExecute("UPDATE account SET expansion = '%d' WHERE id = '%u'", expansion, accountId);
+        PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPDATE_EXPANSION);
+
+        stmt->setUInt8(0, expansion);
+        stmt->setUInt32(1, accountId);
+
+        LoginDatabase.Execute(stmt);
+
        handler->PSendSysMessage(LANG_ACCOUNT_SETADDON, accountName.c_str(), accountId, expansion);
        return true;
    }
@@ -480,13 +485,34 @@ public:
        }

        // If gmRealmID is -1, delete all values for the account id, else, insert values for the specific realmID
+        PreparedStatement* stmt;
+
        if (gmRealmID == -1)
-            LoginDatabase.PExecute("DELETE FROM account_access WHERE id = '%u'", targetAccountId);
+        {
+            stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_ACCOUNT_ACCESS);
+
+            stmt->setUInt32(0, targetAccountId);
+        }
        else
-            LoginDatabase.PExecute("DELETE FROM account_access WHERE id = '%u' AND (RealmID = '%d' OR RealmID = '-1')", targetAccountId, realmID);
+        {
+            stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_ACCOUNT_ACCESS_BY_REALM);
+
+            stmt->setUInt32(0, targetAccountId);
+            stmt->setUInt32(1, realmID);
+        }
+        LoginDatabase.Execute(stmt);

        if (gm != 0)
-            LoginDatabase.PExecute("INSERT INTO account_access VALUES ('%u', '%d', '%d')", targetAccountId, gm, gmRealmID);
+        {
+            PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_ACCOUNT_ACCESS);
+
+            stmt->setUInt32(0, targetAccountId);
+            stmt->setUInt8(1, uint8(gm));
+            stmt->setUInt32(2, gmRealmID);
+
+            LoginDatabase.Execute(stmt);
+        }
+

        handler->PSendSysMessage(LANG_YOU_CHANGE_SECURITY, targetAccountName.c_str(), gm);
        return true;
--- a/src/server/scripts/Commands/cs_npc.cpp
+++ b/src/server/scripts/Commands/cs_npc.cpp
@@ -219,10 +219,10 @@ public:
        if (!*args)
            return false;

-        char* guid_str = strtok((char*)args, " ");
-        char* wait_str = strtok((char*)NULL, " ");
+        char* guidStr = strtok((char*)args, " ");
+        char* waitStr = strtok((char*)NULL, " ");

-        uint32 lowguid = atoi((char*)guid_str);
+        uint32 lowGuid = atoi((char*)guidStr);

        Creature* creature = NULL;

@@ -234,10 +234,10 @@ public:
        // attempt check creature existence by DB data
        if (!creature)
        {
-            CreatureData const* data = sObjectMgr->GetCreatureData(lowguid);
+            CreatureData const* data = sObjectMgr->GetCreatureData(lowGuid);
            if (!data)
            {
-                handler->PSendSysMessage(LANG_COMMAND_CREATGUIDNOTFOUND, lowguid);
+                handler->PSendSysMessage(LANG_COMMAND_CREATGUIDNOTFOUND, lowGuid);
                handler->SetSentErrorMessage(true);
                return false;
            }
@@ -245,20 +245,22 @@ public:
        else
        {
            // obtain real GUID for DB operations
-            lowguid = creature->GetDBTableGUIDLow();
+            lowGuid = creature->GetDBTableGUIDLow();
        }

-        int wait = wait_str ? atoi(wait_str) : 0;
+        int wait = waitStr ? atoi(waitStr) : 0;

        if (wait < 0)
            wait = 0;

-        //Player* player = handler->GetSession()->GetPlayer();
+        // Update movement type
+        PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(WORLD_UPD_CREATURE_MOVEMENT_TYPE);

-        //WaypointMgr.AddLastNode(lowguid, player->GetPositionX(), player->GetPositionY(), player->GetPositionZ(), player->GetOrientation(), wait, 0);
+        stmt->setUInt8(0, uint8(WAYPOINT_MOTION_TYPE));
+        stmt->setUInt32(1, lowGuid);
+
+        CharacterDatabase.Execute(stmt);

-        // update movement type
-        WorldDatabase.PExecute("UPDATE creature SET MovementType = '%u' WHERE guid = '%u'", WAYPOINT_MOTION_TYPE, lowguid);
        if (creature && creature->GetWaypointPath())
        {
            creature->SetDefaultMovementType(WAYPOINT_MOTION_TYPE);
@@ -457,17 +459,23 @@ public:

        creature->setFaction(factionId);

-        // faction is set in creature_template - not inside creature
+        // Faction is set in creature_template - not inside creature

-        // update in memory
+        // Update in memory..
        if (CreatureTemplate const* cinfo = creature->GetCreatureInfo())
        {
            const_cast<CreatureTemplate*>(cinfo)->faction_A = factionId;
            const_cast<CreatureTemplate*>(cinfo)->faction_H = factionId;
        }

-        // and DB
-        WorldDatabase.PExecute("UPDATE creature_template SET faction_A = '%u', faction_H = '%u' WHERE entry = '%u'", factionId, factionId, creature->GetEntry());
+        // ..and DB
+        PreparedStatement* stmt = WorldDatabase.GetPreparedStatement(WORLD_UPD_CREATURE_FACTION);
+
+        stmt->setUInt16(0, uint16(factionId));
+        stmt->setUInt16(1, uint16(factionId));
+        stmt->setUInt32(2, creature->GetEntry());
+
+        WorldDatabase.Execute(stmt);

        return true;
    }