Core/DBLayer: Convert PExecute() queries to prepared statements No. 3

2 files changed, 54 insertions, 20 deletions

diff --git a/src/server/scripts/Commands/cs_account.cpp b/src/server/scripts/Commands/cs_account.cpp
index bcef7ac9ba9..a8e0c972607 100644
--- a/src/server/scripts/Commands/cs_account.cpp
+++ b/src/server/scripts/Commands/cs_account.cpp
@@ -388,8 +388,13 @@ public:
         if (expansion < 0 || uint8(expansion) > sWorld->getIntConfig(CONFIG_EXPANSION))
             return false;
 
-        // No SQL injection
-        LoginDatabase.PExecute("UPDATE account SET expansion = '%d' WHERE id = '%u'", expansion, accountId);
+        PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPDATE_EXPANSION);
+
+        stmt->setUInt8(0, expansion);
+        stmt->setUInt32(1, accountId);
+
+        LoginDatabase.Execute(stmt);
+
         handler->PSendSysMessage(LANG_ACCOUNT_SETADDON, accountName.c_str(), accountId, expansion);
         return true;
     }
@@ -480,13 +485,34 @@ public:
         }
 
         // If gmRealmID is -1, delete all values for the account id, else, insert values for the specific realmID
+        PreparedStatement* stmt;
+
         if (gmRealmID == -1)
-            LoginDatabase.PExecute("DELETE FROM account_access WHERE id = '%u'", targetAccountId);
+        {
+            stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_ACCOUNT_ACCESS);
+
+            stmt->setUInt32(0, targetAccountId);
+        }
         else
-            LoginDatabase.PExecute("DELETE FROM account_access WHERE id = '%u' AND (RealmID = '%d' OR RealmID = '-1')", targetAccountId, realmID);
+        {
+            stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_ACCOUNT_ACCESS_BY_REALM);
+
+            stmt->setUInt32(0, targetAccountId);
+            stmt->setUInt32(1, realmID);
+        }
+        LoginDatabase.Execute(stmt);
 
         if (gm != 0)
-            LoginDatabase.PExecute("INSERT INTO account_access VALUES ('%u', '%d', '%d')", targetAccountId, gm, gmRealmID);
+        {
+            PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_ACCOUNT_ACCESS);
+
+            stmt->setUInt32(0, targetAccountId);
+            stmt->setUInt8(1, uint8(gm));
+            stmt->setUInt32(2, gmRealmID);
+
+            LoginDatabase.Execute(stmt);
+        }
+
 
         handler->PSendSysMessage(LANG_YOU_CHANGE_SECURITY, targetAccountName.c_str(), gm);
         return true;
diff --git a/src/server/scripts/Commands/cs_npc.cpp b/src/server/scripts/Commands/cs_npc.cpp
index a5aa2a516f3..2d52a0e80d4 100644
--- a/src/server/scripts/Commands/cs_npc.cpp
+++ b/src/server/scripts/Commands/cs_npc.cpp
@@ -219,10 +219,10 @@ public:
         if (!*args)
             return false;
 
-        char* guid_str = strtok((char*)args, " ");
-        char* wait_str = strtok((char*)NULL, " ");
+        char* guidStr = strtok((char*)args, " ");
+        char* waitStr = strtok((char*)NULL, " ");
 
-        uint32 lowguid = atoi((char*)guid_str);
+        uint32 lowGuid = atoi((char*)guidStr);
 
         Creature* creature = NULL;
 
@@ -234,10 +234,10 @@ public:
         // attempt check creature existence by DB data
         if (!creature)
         {
-            CreatureData const* data = sObjectMgr->GetCreatureData(lowguid);
+            CreatureData const* data = sObjectMgr->GetCreatureData(lowGuid);
             if (!data)
             {
-                handler->PSendSysMessage(LANG_COMMAND_CREATGUIDNOTFOUND, lowguid);
+                handler->PSendSysMessage(LANG_COMMAND_CREATGUIDNOTFOUND, lowGuid);
                 handler->SetSentErrorMessage(true);
                 return false;
             }
@@ -245,20 +245,22 @@ public:
         else
         {
             // obtain real GUID for DB operations
-            lowguid = creature->GetDBTableGUIDLow();
+            lowGuid = creature->GetDBTableGUIDLow();
         }
 
-        int wait = wait_str ? atoi(wait_str) : 0;
+        int wait = waitStr ? atoi(waitStr) : 0;
 
         if (wait < 0)
             wait = 0;
 
-        //Player* player = handler->GetSession()->GetPlayer();
+        // Update movement type
+        PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(WORLD_UPD_CREATURE_MOVEMENT_TYPE);
 
-        //WaypointMgr.AddLastNode(lowguid, player->GetPositionX(), player->GetPositionY(), player->GetPositionZ(), player->GetOrientation(), wait, 0);
+        stmt->setUInt8(0, uint8(WAYPOINT_MOTION_TYPE));
+        stmt->setUInt32(1, lowGuid);
+
+        CharacterDatabase.Execute(stmt);
 
-        // update movement type
-        WorldDatabase.PExecute("UPDATE creature SET MovementType = '%u' WHERE guid = '%u'", WAYPOINT_MOTION_TYPE, lowguid);
         if (creature && creature->GetWaypointPath())
         {
             creature->SetDefaultMovementType(WAYPOINT_MOTION_TYPE);
@@ -457,17 +459,23 @@ public:
 
         creature->setFaction(factionId);
 
-        // faction is set in creature_template - not inside creature
+        // Faction is set in creature_template - not inside creature
 
-        // update in memory
+        // Update in memory..
         if (CreatureTemplate const* cinfo = creature->GetCreatureInfo())
         {
             const_cast<CreatureTemplate*>(cinfo)->faction_A = factionId;
             const_cast<CreatureTemplate*>(cinfo)->faction_H = factionId;
         }
 
-        // and DB
-        WorldDatabase.PExecute("UPDATE creature_template SET faction_A = '%u', faction_H = '%u' WHERE entry = '%u'", factionId, factionId, creature->GetEntry());
+        // ..and DB
+        PreparedStatement* stmt = WorldDatabase.GetPreparedStatement(WORLD_UPD_CREATURE_FACTION);
+
+        stmt->setUInt16(0, uint16(factionId));
+        stmt->setUInt16(1, uint16(factionId));
+        stmt->setUInt32(2, creature->GetEntry());
+
+        WorldDatabase.Execute(stmt);
 
         return true;
     }