From e646dbb3cdae041ae1ead8e5bdd456ce600ee9a5 Mon Sep 17 00:00:00 2001
From: leak
Date: Tue, 27 Dec 2011 00:29:17 +0100
Subject: Core/DBLayer: Convert PExecute() queries to prepared statements No. 2
---
 src/server/game/Server/WorldSocket.cpp | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
(limited to 'src/server/game/Server')
diff --git a/src/server/game/Server/WorldSocket.cpp b/src/server/game/Server/WorldSocket.cpp
index 0ddc03e3d5c..e0ba9eaaaa4 100755
--- a/src/server/game/Server/WorldSocket.cpp
+++ b/src/server/game/Server/WorldSocket.cpp
@@ -889,7 +889,13 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket)
 if (mutetime < 0) { mutetime = time(NULL) + llabs(mutetime);
- LoginDatabase.PExecute("UPDATE account SET mutetime = " SI64FMTD " WHERE id = '%u'", mutetime, id);
+
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPDATE_MUTE_TIME);
+
+ stmt->setInt64(0, mutetime);
+ stmt->setUInt32(1, id);
+
+ LoginDatabase.Execute(stmt);
 } locale = LocaleConstant (fields[8].GetUInt8());
@@ -985,14 +991,13 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket)
 isRecruiter = true; // Update the last_ip in the database
- // No SQL injection, username escaped.
- LoginDatabase.EscapeString (address);
- LoginDatabase.PExecute ("UPDATE account "
- "SET last_ip = '%s' "
- "WHERE username = '%s'",
- address.c_str(),
- safe_account.c_str());
+ PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(LOGIN_UPDATE_LAST_IP);
+
+ stmt->setString(0, address);
+ stmt->setString(1, account);
+
+ CharacterDatabase.Execute(stmt);
 // NOTE ATM the socket is single-threaded, have this in mind ... ACE_NEW_RETURN (m_Session, WorldSession (id, this, AccountTypes(security), expansion, mutetime, locale, recruiter, isRecruiter), -1);
--
cgit v1.2.3
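Review bot: In the second hunk the last_ip update is fetched from and executed on `CharacterDatabase`, although the statement id is `LOGIN_UPDATE_LAST_IP` and the query it replaces ran on `LoginDatabase` against the `account` table. If statement ids are per-connection indexes, as the `LOGIN_` prefix suggests, this either finds no statement or runs an unrelated character-database statement with the client address and account name bound to it, and `account.last_ip` is no longer written at login. Both calls should go through the login connection: `PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPDATE_LAST_IP);` and `LoginDatabase.Execute(stmt);`. Binding the raw `account` instead of `safe_account` is correct only if the statement text, which is not part of this diff, uses placeholders for both values, so that is worth confirming. The body of HandleAuthSession continues outside both hunks.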