From 8adac3f246188bba419a02d2126ef33eb3eb4fca Mon Sep 17 00:00:00 2001
From: leak
Date: Sat, 31 Dec 2011 00:32:05 +0100
Subject: Core/DBLayer: Convert PExecute() queries to prepared statements No. 3
---
 src/server/scripts/Commands/cs_account.cpp | 36 ++++++++++++++++++++++++----
 src/server/scripts/Commands/cs_npc.cpp | 38 ++++++++++++++++++------------
 2 files changed, 54 insertions(+), 20 deletions(-)
(limited to 'src/server/scripts')
diff --git a/src/server/scripts/Commands/cs_account.cpp b/src/server/scripts/Commands/cs_account.cpp
index bcef7ac9ba9..a8e0c972607 100644
--- a/src/server/scripts/Commands/cs_account.cpp
+++ b/src/server/scripts/Commands/cs_account.cpp
@@ -388,8 +388,13 @@ public:
 if (expansion < 0 || uint8(expansion) > sWorld->getIntConfig(CONFIG_EXPANSION))
 return false;
- // No SQL injection
- LoginDatabase.PExecute("UPDATE account SET expansion = '%d' WHERE id = '%u'", expansion, accountId);
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_UPDATE_EXPANSION);
+
+ stmt->setUInt8(0, expansion);
+ stmt->setUInt32(1, accountId);
+
+ LoginDatabase.Execute(stmt);
+
 handler->PSendSysMessage(LANG_ACCOUNT_SETADDON, accountName.c_str(), accountId, expansion);
 return true;
 }
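Review bot: In the `@@ -388` hunk of cs_account.cpp, `stmt->setUInt8(0, expansion)` narrows a value that the guard above only checks after casting: `uint8(expansion) > sWorld->getIntConfig(CONFIG_EXPANSION)` wraps modulo 256, so an input such as 256 passes as 0 and the wrapped value is what gets bound, while the `PSendSysMessage` line reports the original number. Compare before narrowing, for example `if (expansion < 0 || uint32(expansion) > sWorld->getIntConfig(CONFIG_EXPANSION))` (assuming the getter returns an unsigned 32-bit value, which is not visible here), and bind `uint8(expansion)` explicitly so the conversion is deliberate. The handler starts above the hunk, so how `expansion` is parsed should be confirmed there.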
@@ -480,13 +485,34 @@ public:
 }
 // If gmRealmID is -1, delete all values for the account id, else, insert values for the specific realmID
+ PreparedStatement* stmt;
+
 if (gmRealmID == -1)
- LoginDatabase.PExecute("DELETE FROM account_access WHERE id = '%u'", targetAccountId);
+ {
+ stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_ACCOUNT_ACCESS);
+
+ stmt->setUInt32(0, targetAccountId);
+ }
 else
- LoginDatabase.PExecute("DELETE FROM account_access WHERE id = '%u' AND (RealmID = '%d' OR RealmID = '-1')", targetAccountId, realmID);
+ {
+ stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_ACCOUNT_ACCESS_BY_REALM);
+
+ stmt->setUInt32(0, targetAccountId);
+ stmt->setUInt32(1, realmID);
+ }
+ LoginDatabase.Execute(stmt);
 if (gm != 0)
- LoginDatabase.PExecute("INSERT INTO account_access VALUES ('%u', '%d', '%d')", targetAccountId, gm, gmRealmID);
+ {
+ PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_ACCOUNT_ACCESS);
+
+ stmt->setUInt32(0, targetAccountId);
+ stmt->setUInt8(1, uint8(gm));
+ stmt->setUInt32(2, gmRealmID);
+
+ LoginDatabase.Execute(stmt);
+ }
+
 handler->PSendSysMessage(LANG_YOU_CHANGE_SECURITY, targetAccountName.c_str(), gm);
 return true;
diff --git a/src/server/scripts/Commands/cs_npc.cpp b/src/server/scripts/Commands/cs_npc.cpp
index a5aa2a516f3..2d52a0e80d4 100644
--- a/src/server/scripts/Commands/cs_npc.cpp
+++ b/src/server/scripts/Commands/cs_npc.cpp
@@ -219,10 +219,10 @@ public:
 if (!*args)
 return false;
- char* guid_str = strtok((char*)args, " ");
- char* wait_str = strtok((char*)NULL, " ");
+ char* guidStr = strtok((char*)args, " ");
+ char* waitStr = strtok((char*)NULL, " ");
- uint32 lowguid = atoi((char*)guid_str);
+ uint32 lowGuid = atoi((char*)guidStr);
 Creature* creature = NULL;
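Review bot: In the `@@ -480` hunk of cs_account.cpp, `stmt->setUInt32(2, gmRealmID)` binds a value that the comment at the top of the hunk says can be -1, so the all-realms sentinel would reach the INSERT as 4294967295 (or whatever the column clamps it to) instead of -1; the removed query formatted it with `%d`. Rows in account_access decide which account holds which security level on which realm, so the sentinel should be bound signed, e.g. `stmt->setInt32(2, gmRealmID);` (assuming the signed setter is available on this class), and `realmID` in the by-realm DELETE deserves the same check against its column type. Separately, the `PreparedStatement* stmt` declared inside `if (gm != 0)` shadows the outer `stmt`; assigning to the outer variable (`stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_ACCOUNT_ACCESS);`) avoids that. The function begins and ends outside the hunk, so the declared types of `gmRealmID` and `realmID` should be confirmed there.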
@@ -234,10 +234,10 @@ public:
 // attempt check creature existence by DB data
 if (!creature)
 {
- CreatureData const* data = sObjectMgr->GetCreatureData(lowguid);
+ CreatureData const* data = sObjectMgr->GetCreatureData(lowGuid);
 if (!data)
 {
- handler->PSendSysMessage(LANG_COMMAND_CREATGUIDNOTFOUND, lowguid);
+ handler->PSendSysMessage(LANG_COMMAND_CREATGUIDNOTFOUND, lowGuid);
 handler->SetSentErrorMessage(true);
 return false;
 }
@@ -245,20 +245,22 @@ public:
 else
 {
 // obtain real GUID for DB operations
- lowguid = creature->GetDBTableGUIDLow();
+ lowGuid = creature->GetDBTableGUIDLow();
 }
- int wait = wait_str ? atoi(wait_str) : 0;
+ int wait = waitStr ? atoi(waitStr) : 0;
 if (wait < 0)
 wait = 0;
- //Player* player = handler->GetSession()->GetPlayer();
+ // Update movement type
+ PreparedStatement* stmt = CharacterDatabase.GetPreparedStatement(WORLD_UPD_CREATURE_MOVEMENT_TYPE);
- //WaypointMgr.AddLastNode(lowguid, player->GetPositionX(), player->GetPositionY(), player->GetPositionZ(), player->GetOrientation(), wait, 0);
+ stmt->setUInt8(0, uint8(WAYPOINT_MOTION_TYPE));
+ stmt->setUInt32(1, lowGuid);
+
+ CharacterDatabase.Execute(stmt);
- // update movement type
- WorldDatabase.PExecute("UPDATE creature SET MovementType = '%u' WHERE guid = '%u'", WAYPOINT_MOTION_TYPE, lowguid);
 if (creature && creature->GetWaypointPath())
 {
 creature->SetDefaultMovementType(WAYPOINT_MOTION_TYPE);
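Review bot: In the `@@ -245` hunk of cs_npc.cpp the new statement is fetched from and executed on `CharacterDatabase`, although its id is `WORLD_UPD_CREATURE_MOVEMENT_TYPE` and the line it replaces ran `UPDATE creature ...` through `WorldDatabase`. If statement ids are per-connection indices (not visible in this diff), the character connection would resolve this id to an unrelated statement and run it with these two parameters, and the creature row would never be updated. Both lines should use the world connection: `PreparedStatement* stmt = WorldDatabase.GetPreparedStatement(WORLD_UPD_CREATURE_MOVEMENT_TYPE);` and `WorldDatabase.Execute(stmt);`. The handler starts before this hunk and continues past it.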
@@ -457,17 +459,23 @@ public:
 creature->setFaction(factionId);
- // faction is set in creature_template - not inside creature
+ // Faction is set in creature_template - not inside creature
- // update in memory
+ // Update in memory..
 if (CreatureTemplate const* cinfo = creature->GetCreatureInfo())
 {
 const_cast(cinfo)->faction_A = factionId;
 const_cast(cinfo)->faction_H = factionId;
 }
- // and DB
- WorldDatabase.PExecute("UPDATE creature_template SET faction_A = '%u', faction_H = '%u' WHERE entry = '%u'", factionId, factionId, creature->GetEntry());
+ // ..and DB
+ PreparedStatement* stmt = WorldDatabase.GetPreparedStatement(WORLD_UPD_CREATURE_FACTION);
+
+ stmt->setUInt16(0, uint16(factionId));
+ stmt->setUInt16(1, uint16(factionId));
+ stmt->setUInt32(2, creature->GetEntry());
+
+ WorldDatabase.Execute(stmt);
 return true;
 }
-- cgit v1.2.3
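Review bot: In the `@@ -457` hunk of cs_npc.cpp, `uint16(factionId)` silently truncates the value bound to both faction placeholders, while `creature->setFaction(factionId)` and the in-memory template assignments just above keep the full value. Unless the part of the handler above the hunk already rejects ids outside the 16-bit range (it is not visible here), memory and the `creature_template` row can disagree after this command. Either validate before binding, e.g. `if (factionId > 0xFFFF) return false;`, or add a comment at the casts stating where the range is guaranteed.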