From 7047b7ca337bdeca6c8a24c58ee2abe0e840ccd9 Mon Sep 17 00:00:00 2001 From: celest Date: Sun, 27 Mar 2005 10:31:42 +0000 Subject: * Fixed a SQL syntax crash when logging character names with "'" in them git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/branches/stable@1305 54d463be-8e91-2dee-dedb-b68131a5f0ec --- src/map/log.c | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) (limited to 'src/map/log.c') diff --git a/src/map/log.c b/src/map/log.c index df939488f..6494da2e0 100644 --- a/src/map/log.c +++ b/src/map/log.c @@ -3,10 +3,10 @@ #include #include +#include "../common/strlib.h" +#include "../common/nullpo.h" #include "itemdb.h" #include "map.h" - -#include "nullpo.h" #include "log.h" struct Log_Config log_config; @@ -64,7 +64,8 @@ int log_branch(struct map_session_data *sd) #ifndef TXT_ONLY if(log_config.sql_logs > 0) { - sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`branch_date`, `account_id`, `char_id`, `char_name`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%s')", log_config.log_branch_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->mapname); + sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`branch_date`, `account_id`, `char_id`, `char_name`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%s')", + log_config.log_branch_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->mapname); if(mysql_query(&mmysql_handle, tmp_sql)) printf("DB server Error - %s\n",mysql_error(&mmysql_handle)); } else { @@ -153,7 +154,8 @@ int log_present(struct map_session_data *sd, int source_type, int nameid) #ifndef TXT_ONLY if(log_config.sql_logs > 0) { - sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`present_date`, `src_id`, `account_id`, `char_id`, `char_name`, `nameid`, `map`) VALUES (NOW(), '%d', '%d', '%d', '%s', '%d', '%s') ", log_config.log_present_db, source_type, sd->status.account_id, sd->status.char_id, sd->status.name, nameid, sd->mapname); + sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`present_date`, `src_id`, `account_id`, `char_id`, `char_name`, `nameid`, `map`) VALUES (NOW(), '%d', '%d', '%d', '%s', '%d', '%s') ", + log_config.log_present_db, source_type, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), nameid, sd->mapname); if(mysql_query(&mmysql_handle, tmp_sql)) printf("DB server Error - %s\n",mysql_error(&mmysql_handle)); } else { @@ -179,7 +181,8 @@ int log_produce(struct map_session_data *sd, int nameid, int slot1, int slot2, i #ifndef TXT_ONLY if(log_config.sql_logs > 0) { - sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`produce_date`, `account_id`, `char_id`, `char_name`, `nameid`, `slot1`, `slot2`, `slot3`, `map`, `success`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%s', '%d') ", log_config.log_produce_db, sd->status.account_id, sd->status.char_id, sd->status.name, nameid, slot1, slot2, slot3, sd->mapname, success); + sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`produce_date`, `account_id`, `char_id`, `char_name`, `nameid`, `slot1`, `slot2`, `slot3`, `map`, `success`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%s', '%d') ", + log_config.log_produce_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), nameid, slot1, slot2, slot3, sd->mapname, success); if(mysql_query(&mmysql_handle, tmp_sql)) printf("DB server Error - %s\n",mysql_error(&mmysql_handle)); } else { @@ -219,7 +222,8 @@ int log_refine(struct map_session_data *sd, int n, int success) #ifndef TXT_ONLY if(log_config.sql_logs > 0) { - sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`refine_date`, `account_id`, `char_id`, `char_name`, `nameid`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `success`, `item_level`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d', '%d')", log_config.log_refine_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->status.inventory[n].nameid, sd->status.inventory[n].refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, success, item_level); + sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`refine_date`, `account_id`, `char_id`, `char_name`, `nameid`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `success`, `item_level`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d', '%d')", + log_config.log_refine_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->status.inventory[n].nameid, sd->status.inventory[n].refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, success, item_level); if(mysql_query(&mmysql_handle, tmp_sql)) printf("DB server Error - %s\n",mysql_error(&mmysql_handle)); } else { @@ -263,7 +267,8 @@ int log_trade(struct map_session_data *sd, struct map_session_data *target_sd, i #ifndef TXT_ONLY if(log_config.sql_logs > 0) { - sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s')", log_config.log_trade_db, sd->status.account_id, sd->status.char_id, sd->status.name, target_sd->status.account_id, target_sd->status.char_id, target_sd->status.name, log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname); + sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s')", + log_config.log_trade_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), target_sd->status.account_id, target_sd->status.char_id, jstrescape(target_sd->status.name), log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname); if(mysql_query(&mmysql_handle, tmp_sql)) printf("DB server Error - %s\n",mysql_error(&mmysql_handle)); } else { @@ -304,7 +309,8 @@ int log_vend(struct map_session_data *sd,struct map_session_data *vsd,int n,int #ifndef TXT_ONLY if(log_config.sql_logs > 0) { - sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`vend_date`, `vend_account_id`, `vend_char_id`, `vend_char_name`, `buy_account_id`, `buy_char_id`, `buy_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d')", log_config.log_vend_db, sd->status.account_id, sd->status.char_id, sd->status.name, vsd->status.account_id, vsd->status.char_id, vsd->status.name, log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, zeny); + sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`vend_date`, `vend_account_id`, `vend_char_id`, `vend_char_name`, `buy_account_id`, `buy_char_id`, `buy_char_name`, `nameid`, `amount`, `refine`, `card0`, `card1`, `card2`, `card3`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%d', '%d', '%d', '%d', '%d', '%d', '%d', '%s', '%d')", + log_config.log_vend_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), vsd->status.account_id, vsd->status.char_id, jstrescape(vsd->status.name), log_nameid, log_amount, log_refine, log_card[0], log_card[1], log_card[2], log_card[3], sd->mapname, zeny); if(mysql_query(&mmysql_handle, tmp_sql)) printf("DB server Error - %s\n",mysql_error(&mmysql_handle)); } else { @@ -330,7 +336,8 @@ int log_zeny(struct map_session_data *sd, struct map_session_data *target_sd,int #ifndef TXT_ONLY if(log_config.sql_logs > 0) { - sprintf(tmp_sql,"INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%s', '%d')", log_config.log_trade_db, sd->status.account_id, sd->status.char_id, sd->status.name, target_sd->status.account_id, target_sd->status.char_id, target_sd->status.name, sd->mapname, sd->deal_zeny); + sprintf(tmp_sql,"INSERT DELAYED INTO `%s` (`trade_date`, `src_account_id`, `src_char_id`, `src_char_name`, `des_account_id`, `des_char_id`, `des_char_name`, `map`, `zeny`) VALUES (NOW(), '%d', '%d', '%s', '%d', '%d', '%s', '%s', '%d')", + log_config.log_trade_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), target_sd->status.account_id, target_sd->status.char_id, jstrescape(target_sd->status.name), sd->mapname, sd->deal_zeny); if(mysql_query(&mmysql_handle, tmp_sql)) printf("DB server Error - %s\n",mysql_error(&mmysql_handle)); } else { @@ -356,7 +363,8 @@ int log_atcommand(struct map_session_data *sd, const char *message) #ifndef TXT_ONLY if(log_config.sql_logs > 0) { - sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`atcommand_date`, `account_id`, `char_id`, `char_name`, `map`, `command`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ", log_config.log_gm_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->mapname, message); + sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`atcommand_date`, `account_id`, `char_id`, `char_name`, `map`, `command`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ", + log_config.log_gm_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->mapname, message); if(mysql_query(&mmysql_handle, tmp_sql)) printf("DB server Error - %s\n",mysql_error(&mmysql_handle)); } else { @@ -382,7 +390,8 @@ int log_npc(struct map_session_data *sd, const char *message) #ifndef TXT_ONLY if(log_config.sql_logs > 0) { - sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`npc_date`, `account_id`, `char_id`, `char_name`, `map`, `mes`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ", log_config.log_npc_db, sd->status.account_id, sd->status.char_id, sd->status.name, sd->mapname, message); + sprintf(tmp_sql, "INSERT DELAYED INTO `%s` (`npc_date`, `account_id`, `char_id`, `char_name`, `map`, `mes`) VALUES(NOW(), '%d', '%d', '%s', '%s', '%s') ", + log_config.log_npc_db, sd->status.account_id, sd->status.char_id, jstrescape(sd->status.name), sd->mapname, message); if(mysql_query(&mmysql_handle, tmp_sql)) printf("DB server Error - %s\n",mysql_error(&mmysql_handle)); } else { -- cgit v1.2.3-70-g09d2