diff options
| author | leak <leak@bitmx.net> | 2012-03-24 01:25:08 +0100 |
|---|---|---|
| committer | leak <leak@bitmx.net> | 2012-03-24 01:25:08 +0100 |
| commit | 12e55a04bb14f4a56576dcc0ead35e996d7dcc7d (patch) | |
| tree | e99f4982d0f249d30ae51479c3f6975f757bb851 /src/server/game/Server | |
| parent | 8e96b86715ac78e18d8fa5e14d9e7b9a3f2dc125 (diff) | |
Core/DBLayer: Convert PQuery() queries to prepared statements
Diffstat (limited to 'src/server/game/Server')
| -rwxr-xr-x | src/server/game/Server/WorldSocket.cpp | 47 |
1 files changed, 24 insertions, 23 deletions
diff --git a/src/server/game/Server/WorldSocket.cpp b/src/server/game/Server/WorldSocket.cpp index 2c6098fb23f..40b4a0bad4f 100755 --- a/src/server/game/Server/WorldSocket.cpp +++ b/src/server/game/Server/WorldSocket.cpp @@ -812,13 +812,11 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket) clientSeed); // Get the account information from the realmd database - std::string safe_account = account; // Duplicate, else will screw the SHA hash verification below - LoginDatabase.EscapeString (safe_account); - // No SQL injection, username escaped. + PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_INFO_BY_NAME); - // 0 1 2 3 4 5 6 7 8 9 10 - QueryResult result = LoginDatabase.PQuery ("SELECT id, sessionkey, last_ip, locked, v, s, expansion, mutetime, locale, recruiter, os FROM account " - "WHERE username = '%s'", safe_account.c_str()); + stmt->setString(0, account); + + PreparedQueryResult result = LoginDatabase.Query(stmt); // Stop if the account is not found if (!result) @@ -899,29 +897,28 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket) std::string os = fields[10].GetString(); // Checks gmlevel per Realm - result = - LoginDatabase.PQuery ("SELECT " - "RealmID, " //0 - "gmlevel " //1 - "FROM account_access " - "WHERE id = '%d'" - " AND (RealmID = '%d'" - " OR RealmID = '-1')", - id, realmID); + stmt = LoginDatabase.GetPreparedStatement(LOGIN_GET_GMLEVEL_BY_REALMID); + + stmt->setUInt32(0, id); + stmt->setInt32(1, int32(realmID)); + + result = LoginDatabase.Query(stmt); + if (!result) security = 0; else { fields = result->Fetch(); - security = fields[1].GetInt32(); + security = fields[0].GetInt32(); } // Re-check account ban (same check as in realmd) - QueryResult banresult = - LoginDatabase.PQuery ("SELECT 1 FROM account_banned WHERE id = %u AND active = 1 " - "UNION " - "SELECT 1 FROM ip_banned WHERE ip = '%s'", - id, GetRemoteAddress().c_str()); + stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_BANS); + + stmt->setUInt32(0, id); + stmt->setString(1, GetRemoteAddress()); + + PreparedQueryResult banresult = LoginDatabase.Query(stmt); if (banresult) // if account banned { @@ -976,7 +973,11 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket) address.c_str()); // Check if this user is by any chance a recruiter - result = LoginDatabase.PQuery ("SELECT 1 FROM account WHERE recruiter = %u", id); + stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_ACCOUNT_RECRUITER); + + stmt->setUInt32(0, id); + + result = LoginDatabase.Query(stmt); bool isRecruiter = false; if (result) @@ -984,7 +985,7 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket) // Update the last_ip in the database - PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LAST_IP); + stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPD_LAST_IP); stmt->setString(0, address); stmt->setString(1, account); |