Core/DBLayer: Convert PQuery() queries to prepared statements

author: leak <leak@bitmx.net> 2012-03-24 01:25:08 +0100
committer: leak <leak@bitmx.net> 2012-03-24 01:25:08 +0100
commit: 12e55a04bb14f4a56576dcc0ead35e996d7dcc7d (patch)
tree: e99f4982d0f249d30ae51479c3f6975f757bb851 /src/server/game/Accounts
parent: 8e96b86715ac78e18d8fa5e14d9e7b9a3f2dc125 (diff)
2 files changed, 52 insertions, 22 deletions
diff --git a/src/server/game/Accounts/AccountMgr.cpp b/src/server/game/Accounts/AccountMgr.cpp
index a6ae300e25d..4886b20a0f2 100755
--- a/src/server/game/Accounts/AccountMgr.cpp
+++ b/src/server/game/Accounts/AccountMgr.cpp
@@ -53,12 +53,21 @@ AccountOpResult CreateAccount(std::string username, std::string password)
 
 AccountOpResult DeleteAccount(uint32 accountId)
 {
-    QueryResult result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE id='%d'", accountId);
+    // Check if accounts exists
+    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BY_ID);
+    stmt->setUInt32(0, accountId);
+    PreparedQueryResult result = LoginDatabase.Query(stmt);
+
     if (!result)
-        return AOR_NAME_NOT_EXIST;                          // account doesn't exist
+        return AOR_NAME_NOT_EXIST;
+
+    // Obtain accounts characters
+    stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_CHARS_BY_ACCOUNT_ID);
+
+    stmt->setUInt32(0, accountId);
+
+    result = CharacterDatabase.Query(stmt);
 
-    // existed characters list
-    result = CharacterDatabase.PQuery("SELECT guid FROM characters WHERE account='%d'", accountId);
     if (result)
     {
         do
@@ -66,7 +75,7 @@ AccountOpResult DeleteAccount(uint32 accountId)
             uint32 guidLow = (*result)[0].GetUInt32();
             uint64 guid = MAKE_NEW_GUID(guidLow, 0, HIGHGUID_PLAYER);
 
-            // kick if player is online
+            // Kick if player is online
             if (Player* p = ObjectAccessor::FindPlayer(guid))
             {
                 WorldSession* s = p->GetSession();
@@ -79,7 +88,7 @@ AccountOpResult DeleteAccount(uint32 accountId)
     }
 
     // table realm specific but common for all characters of account for realm
-    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_TUTORIALS);
+    stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_TUTORIALS);
     stmt->setUInt32(0, accountId);
     CharacterDatabase.Execute(stmt);
     stmt = CharacterDatabase.GetPreparedStatement(CHAR_DEL_ACCOUNT_DATA);
@@ -99,9 +108,13 @@ AccountOpResult DeleteAccount(uint32 accountId)
 
 AccountOpResult ChangeUsername(uint32 accountId, std::string newUsername, std::string newPassword)
 {
-    QueryResult result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE id='%d'", accountId);
+    // Check if accounts exists
+    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_BY_ID);
+    stmt->setUInt32(0, accountId);
+    PreparedQueryResult result = LoginDatabase.Query(stmt);
+
     if (!result)
-        return AOR_NAME_NOT_EXIST;                          // account doesn't exist
+        return AOR_NAME_NOT_EXIST;
 
     if (utf8length(newUsername) > MAX_ACCOUNT_STR)
         return AOR_NAME_TOO_LONG;
@@ -112,7 +125,7 @@ AccountOpResult ChangeUsername(uint32 accountId, std::string newUsername, std::s
     normalizeString(newUsername);
     normalizeString(newPassword);
 
-    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_USERNAME);
+    stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_USERNAME);
 
     stmt->setString(0, newUsername);
     stmt->setString(1, CalculateShaPassHash(newUsername, newPassword));
@@ -148,28 +161,38 @@ AccountOpResult ChangePassword(uint32 accountId, std::string newPassword)
 
 uint32 GetId(std::string username)
 {
-    LoginDatabase.EscapeString(username);
-    QueryResult result = LoginDatabase.PQuery("SELECT id FROM account WHERE username = '%s'", username.c_str());
+    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_GET_ACCOUNT_ID_BY_USERNAME);
+    stmt->setString(0, username);
+    PreparedQueryResult result = LoginDatabase.Query(stmt);
+
     return (result) ? (*result)[0].GetUInt32() : 0;
 }
 
 uint32 GetSecurity(uint32 accountId)
 {
-    QueryResult result = LoginDatabase.PQuery("SELECT gmlevel FROM account_access WHERE id = '%u'", accountId);
-    return (result) ? (*result)[0].GetUInt32() : 0;
+    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_GET_ACCOUNT_ACCESS_GMLEVEL);
+    stmt->setUInt32(0, accountId);
+    PreparedQueryResult result = LoginDatabase.Query(stmt);
+
+    return (result) ? (*result)[0].GetUInt32() : SEC_PLAYER;
 }
 
-uint32 GetSecurity(uint64 accountId, int32 realmId)
+uint32 GetSecurity(uint32 accountId, int32 realmId)
 {
-    QueryResult result = (realmId == -1)
-        ? LoginDatabase.PQuery("SELECT gmlevel FROM account_access WHERE id = '%u' AND RealmID = '%d'", accountId, realmId)
-        : LoginDatabase.PQuery("SELECT gmlevel FROM account_access WHERE id = '%u' AND (RealmID = '%d' OR RealmID = '-1')", accountId, realmId);
-    return (result) ? (*result)[0].GetUInt32() : 0;
+    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_GET_GMLEVEL_BY_REALMID);
+    stmt->setUInt32(0, accountId);
+    stmt->setInt32(1, realmId);
+    PreparedQueryResult result = LoginDatabase.Query(stmt);
+
+    return (result) ? (*result)[0].GetUInt32() : SEC_PLAYER;
 }
 
 bool GetName(uint32 accountId, std::string& name)
 {
-    QueryResult result = LoginDatabase.PQuery("SELECT username FROM account WHERE id = '%u'", accountId);
+    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_GET_USERNAME_BY_ID);
+    stmt->setUInt32(0, accountId);
+    PreparedQueryResult result = LoginDatabase.Query(stmt);
+
     if (result)
     {
         name = (*result)[0].GetString();
@@ -189,14 +212,21 @@ bool CheckPassword(uint32 accountId, std::string password)
     normalizeString(username);
     normalizeString(password);
 
-    QueryResult result = LoginDatabase.PQuery("SELECT 1 FROM account WHERE id='%d' AND sha_pass_hash='%s'", accountId, CalculateShaPassHash(username, password).c_str());
+    PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_CHECK_PASSWORD);
+    stmt->setUInt32(0, accountId);
+    stmt->setString(1, CalculateShaPassHash(username, password));
+    PreparedQueryResult result = LoginDatabase.Query(stmt);
+
     return (result) ? true : false;
 }
 
 uint32 GetCharactersCount(uint32 accountId)
 {
     // check character count
-    QueryResult result = CharacterDatabase.PQuery("SELECT COUNT(guid) FROM characters WHERE account = '%d'", accountId);
+    PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(CHAR_SEL_SUM_CHARS);
+    stmt->setUInt32(0, accountId);
+    PreparedQueryResult result = CharacterDatabase.Query(stmt);
+
     return (result) ? (*result)[0].GetUInt32() : 0;
 }
 
diff --git a/src/server/game/Accounts/AccountMgr.h b/src/server/game/Accounts/AccountMgr.h
index 467972cdf65..c69f3c0a6f3 100755
--- a/src/server/game/Accounts/AccountMgr.h
+++ b/src/server/game/Accounts/AccountMgr.h
@@ -44,7 +44,7 @@ namespace AccountMgr
 
     uint32 GetId(std::string username);
     uint32 GetSecurity(uint32 accountId);
-    uint32 GetSecurity(uint64 accountId, int32 realmId);
+    uint32 GetSecurity(uint32 accountId, int32 realmId);
     bool GetName(uint32 accountId, std::string& name);
     uint32 GetCharactersCount(uint32 accountId);
     std::string CalculateShaPassHash(std::string& name, std::string& password);
author	leak <leak@bitmx.net>	2012-03-24 01:25:08 +0100
committer	leak <leak@bitmx.net>	2012-03-24 01:25:08 +0100
commit	12e55a04bb14f4a56576dcc0ead35e996d7dcc7d (patch)
tree	e99f4982d0f249d30ae51479c3f6975f757bb851 /src/server/game/Accounts
parent	8e96b86715ac78e18d8fa5e14d9e7b9a3f2dc125 (diff)