summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorcelest <celest@54d463be-8e91-2dee-dedb-b68131a5f0ec>2005-03-27 10:31:42 +0000
committercelest <celest@54d463be-8e91-2dee-dedb-b68131a5f0ec>2005-03-27 10:31:42 +0000
commit7047b7ca337bdeca6c8a24c58ee2abe0e840ccd9 (patch)
tree2a6bf2a8152a33b6be2fdaf050a4a5c661c79b72 /src
parent1395e61afc8c3cf2e5e128e258083ea73b33e998 (diff)
downloadhercules-7047b7ca337bdeca6c8a24c58ee2abe0e840ccd9.tar.gz
hercules-7047b7ca337bdeca6c8a24c58ee2abe0e840ccd9.tar.bz2
hercules-7047b7ca337bdeca6c8a24c58ee2abe0e840ccd9.tar.xz
hercules-7047b7ca337bdeca6c8a24c58ee2abe0e840ccd9.zip
* Fixed a SQL syntax crash when logging character names with "'" in them
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/branches/stable@1305 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src')
-rw-r--r--src/map/log.c31
1 files changed, 20 insertions, 11 deletions
diff --git a/src/map/log.c b/src/map/log.c
index df939488f..6494da2e0 100644
--- a/src/map/log.c
+++ b/src/map/log.c
@@ -3,10 +3,10 @@
#include <stdio.h>
#include <string.h>
+#include "../common/strlib.h"
+#include "../common/nullpo.h"
#include "itemdb.h"
#include "map.h"
-
-#include "nullpo.h"
#include "log.h"
struct Log_Config log_config;
@@ -64,7 +64,8 @@ int log_branch(struct map_session_data *sd)
#ifndef TXT_ONLY
if(log_config.sql_logs > 0)
{
- sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`branch_date`, `account_id`, `char_id`, `char_name`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%s')", log_config.log_branch_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->mapname);
+ sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`branch_date`, `account_id`, `char_id`, `char_name`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%s')",
+ log_config.log_branch_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->mapname);
if(mysql_query(&mmysql_handle, tmp_sql))
printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
} else {
@@ -153,7 +154,8 @@ int log_present(struct map_session_data *sd, int source_type, int nameid)
#ifndef TXT_ONLY
if(log_config.sql_logs > 0)
{
- sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`present_date`, `src_id`, `account_id`, `char_id`, `char_name`, `nameid`, `map`) VALUES (NOW(), '%d', '%d', '%d', '%s', '%d', '%s') ", log_config.log_present_db, source_type, sd->status.account_id, sd->status.char_id, sd->status.name, nameid, sd->mapname);
+ sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`present_date`, `src_id`, `account_id`, `char_id`, `char_name`, `nameid`, `map`) VALUES (NOW(), '%d', '%d', '%d', '%s', '%d', '%s') ",
+ log_config.log_present_db, source_type, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), nameid, sd->mapname);
if(mysql_query(&mmysql_handle, tmp_sql))
printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
} else {
@@ -179,7 +181,8 @@ int log_produce(struct map_session_data *sd, int nameid, int slot1, int slot2, i
#ifndef TXT_ONLY
if(log_config.sql_logs > 0)
{
- sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`produce_date`, `account_id`, `char_id`, `char_name`, `nameid`, `slot1`, `slot2`, `slot3`, `map`, `success`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%s', '%d') ", log_config.log_produce_db, sd->status.account_id, sd->status.char_id, sd->status.name, nameid, slot1, slot2, slot3, sd->mapname, success);
+ sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`produce_date`, `account_id`, `char_id`, `char_name`, `nameid`, `slot1`, `slot2`, `slot3`, `map`, `success`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%s', '%d') ",
+ log_config.log_produce_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), nameid, slot1, slot2, slot3, sd->mapname, success);
if(mysql_query(&mmysql_handle, tmp_sql))
printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
} else {
@@ -219,7 +222,8 @@ int log_refine(struct map_session_data *sd, int n, int success)
#ifndef TXT_ONLY
if(log_config.sql_logs > 0)
{
- sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`refine_date`, `account_id`, `char_id`, `char_name`, `nameid`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `success`, `item_level`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d', '%d')", log_config.log_refine_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->status.inventory[n].nameid, sd->status.inventory[n].refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, success, item_level);
+ sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`refine_date`, `account_id`, `char_id`, `char_name`, `nameid`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `success`, `item_level`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d', '%d')",
+ log_config.log_refine_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->status.inventory[n].nameid, sd->status.inventory[n].refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, success, item_level);
if(mysql_query(&mmysql_handle, tmp_sql))
printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
} else {
@@ -263,7 +267,8 @@ int log_trade(struct map_session_data *sd, struct map_session_data *target_sd, i
#ifndef TXT_ONLY
if(log_config.sql_logs > 0)
{
- sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s')", log_config.log_trade_db, sd->status.account_id, sd->status.char_id, sd->status.name, target_sd->status.account_id, target_sd->status.char_id, target_sd->status.name, log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname);
+ sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s')",
+ log_config.log_trade_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), target_sd->status.account_id, target_sd->status.char_id, jstrescape(target_sd->status.name), log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname);
if(mysql_query(&mmysql_handle, tmp_sql))
printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
} else {
@@ -304,7 +309,8 @@ int log_vend(struct map_session_data *sd,struct map_session_data *vsd,int n,int
#ifndef TXT_ONLY
if(log_config.sql_logs > 0)
{
- sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`vend_date`, `vend_account_id`, `vend_char_id`, `vend_char_name`, `buy_account_id`, `buy_char_id`, `buy_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d')", log_config.log_vend_db, sd->status.account_id, sd->status.char_id, sd->status.name, vsd->status.account_id, vsd->status.char_id, vsd->status.name, log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, zeny);
+ sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`vend_date`, `vend_account_id`, `vend_char_id`, `vend_char_name`, `buy_account_id`, `buy_char_id`, `buy_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d')",
+ log_config.log_vend_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), vsd->status.account_id, vsd->status.char_id, jstrescape(vsd->status.name), log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, zeny);
if(mysql_query(&mmysql_handle, tmp_sql))
printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
} else {
@@ -330,7 +336,8 @@ int log_zeny(struct map_session_data *sd, struct map_session_data *target_sd,int
#ifndef TXT_ONLY
if(log_config.sql_logs > 0)
{
- sprintf(tmp_sql,"INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%s', '%d')", log_config.log_trade_db, sd->status.account_id, sd->status.char_id, sd->status.name, target_sd->status.account_id, target_sd->status.char_id, target_sd->status.name, sd->mapname, sd->deal_zeny);
+ sprintf(tmp_sql,"INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%s', '%d')",
+ log_config.log_trade_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), target_sd->status.account_id, target_sd->status.char_id, jstrescape(target_sd->status.name), sd->mapname, sd->deal_zeny);
if(mysql_query(&mmysql_handle, tmp_sql))
printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
} else {
@@ -356,7 +363,8 @@ int log_atcommand(struct map_session_data *sd, const char *message)
#ifndef TXT_ONLY
if(log_config.sql_logs > 0)
{
- sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`atcommand_date`, `account_id`, `char_id`, `char_name`, `map`, `command`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ", log_config.log_gm_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->mapname, message);
+ sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`atcommand_date`, `account_id`, `char_id`, `char_name`, `map`, `command`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ",
+ log_config.log_gm_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->mapname, message);
if(mysql_query(&mmysql_handle, tmp_sql))
printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
} else {
@@ -382,7 +390,8 @@ int log_npc(struct map_session_data *sd, const char *message)
#ifndef TXT_ONLY
if(log_config.sql_logs > 0)
{
- sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`npc_date`, `account_id`, `char_id`, `char_name`, `map`, `mes`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ", log_config.log_npc_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->mapname, message);
+ sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`npc_date`, `account_id`, `char_id`, `char_name`, `map`, `mes`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ",
+ log_config.log_npc_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->mapname, message);
if(mysql_query(&mmysql_handle, tmp_sql))
printf("DB server Error - %s\n",mysql_error(&mmysql_handle));
} else {