Core/DBLayer: Convert PExecute() queries to prepared statements No. 1

author: leak <leakzx@googlemail.com> 2011-12-25 18:12:58 +0100
committer: leak <leakzx@googlemail.com> 2011-12-25 18:13:21 +0100
commit: ef17c05dec23eed3a2dddc3697574155ad061079 (patch)
tree: 566f9f3a6ab2565032f02dcf2a65a6001212dd43 /src/server/scripts/Commands
parent: 9b8d18e7cd09625ba5b24355a3ca88b83125fd11 (diff)
1 files changed, 24 insertions, 11 deletions
diff --git a/src/server/scripts/Commands/cs_account.cpp b/src/server/scripts/Commands/cs_account.cpp
index ae3250ad7b7..bcef7ac9ba9 100644
--- a/src/server/scripts/Commands/cs_account.cpp
+++ b/src/server/scripts/Commands/cs_account.cpp
@@ -81,8 +81,13 @@ public:
             return false;
         }
 
-        // No SQL injection
-        LoginDatabase.PExecute("UPDATE account SET expansion = '%d' WHERE id = '%u'", expansion, accountId);
+        PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPDATE_EXPANSION);
+
+        stmt->setUInt8(0, uint8(expansion));
+        stmt->setUInt32(1, accountId);
+
+        LoginDatabase.Execute(stmt);
+
         handler->PSendSysMessage(LANG_ACCOUNT_ADDON, expansion);
         return true;
     }
@@ -242,17 +247,25 @@ public:
         }
 
         std::string param = (char*)args;
-        if (param == "on")
-        {
-            LoginDatabase.PExecute("UPDATE account SET locked = '1' WHERE id = '%d'", handler->GetSession()->GetAccountId());
-            handler->PSendSysMessage(LANG_COMMAND_ACCLOCKLOCKED);
-            return true;
-        }
 
-        if (param == "off")
+        if (!param.empty())
         {
-            LoginDatabase.PExecute("UPDATE account SET locked = '0' WHERE id = '%d'", handler->GetSession()->GetAccountId());
-            handler->PSendSysMessage(LANG_COMMAND_ACCLOCKUNLOCKED);
+            PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPDATE_ACCOUNT_LOCK);
+
+            if (param == "on")
+            {
+                stmt->setBool(0, true);                                     // locked
+                handler->PSendSysMessage(LANG_COMMAND_ACCLOCKLOCKED);
+            }
+            else if (param == "off")
+            {
+                stmt->setBool(0, false);                                    // unlocked
+                handler->PSendSysMessage(LANG_COMMAND_ACCLOCKUNLOCKED);
+            }
+
+            stmt->setUInt32(1, handler->GetSession()->GetAccountId());
+
+            LoginDatabase.Execute(stmt);
             return true;
         }
author	leak <leakzx@googlemail.com>	2011-12-25 18:12:58 +0100
committer	leak <leakzx@googlemail.com>	2011-12-25 18:13:21 +0100
commit	ef17c05dec23eed3a2dddc3697574155ad061079 (patch)
tree	566f9f3a6ab2565032f02dcf2a65a6001212dd43 /src/server/scripts/Commands
parent	9b8d18e7cd09625ba5b24355a3ca88b83125fd11 (diff)