author | Yohann Ferreira <bertram@cegetel.net> | 2006-01-21 01:09:31 +0000 |
committer | Yohann Ferreira <bertram@cegetel.net> | 2006-01-21 01:09:31 +0000 |
commit | 5293e989f8ad43a1b02562be2bcba071803f24c3 (patch) | |
tree | a6807c32949eb0869063291413a4147247c264a0 /src/dalstorage.cpp | |
parent | a5c3439bd5f07921fd46913184281092051faf86 (diff) | |
Corrected a mistake, and made a simple way to avoid crashing SQL queries. Need to see how we could improve it.
Diffstat (limited to 'src/dalstorage.cpp')
-rw-r--r-- | src/dalstorage.cpp | 65 |
1 files changed, 32 insertions, 33 deletions
diff --git a/src/dalstorage.cpp b/src/dalstorage.cpp
index fa2c4920..be5222dd 100644
--- a/src/dalstorage.cpp
+++ b/src/dalstorage.cpp
@@ -183,9 +183,9 @@ DALStorage::getAccount(const std::string& userName)
 try {
 std::string sql("select * from ");
 sql += ACCOUNTS_TBL_NAME;
- sql += " where username = '";
+ sql += " where username = \"";
 sql += userName;
- sql += "';";
+ sql += "\";";
 const RecordSet& accountInfo = mDb->execSql(sql);
 // if the account is not even in the database then
@@ -417,7 +417,7 @@ DALStorage::getSameEmailNumber(const std::string &email)
 try {
 std::string sql("select count(email) from ");
 sql += ACCOUNTS_TBL_NAME;
- sql += " where upper(email) = upper('" + email + "');";
+ sql += " where upper(email) = upper(\"" + email + "\");";
 const dal::RecordSet& accountInfo = mDb->execSql(sql);
@@ -452,9 +452,9 @@ DALStorage::doesCharacterNameExists(const std::string& name)
 try {
 std::string sql("select count(name) from ");
 sql += CHARACTERS_TBL_NAME;
- sql += " where name = '";
+ sql += " where name = \"";
 sql += name;
- sql += "';";
+ sql += "\";";
 const dal::RecordSet& accountInfo = mDb->execSql(sql);
 // if the account is empty then
@@ -546,13 +546,13 @@ DALStorage::getChannelList()
 for ( unsigned int i = 0; i < channelInfo.rows(); ++i) {
- channels.insert(std::make_pair(toShort(channelInfo(0,0)),
- ChatChannel(channelInfo(0,1),
- channelInfo(0,2),
- channelInfo(0,3))));
+ channels.insert(std::make_pair(toShort(channelInfo(i,0)),
+ ChatChannel(channelInfo(i,1),
+ channelInfo(i,2),
+ channelInfo(i,3))));
- LOG_DEBUG("Channel (" << channelInfo(0,0) << ") loaded: " << channelInfo(0,1)
- << ": " << channelInfo(0,2), 5)
+ LOG_DEBUG("Channel (" << channelInfo(i,0) << ") loaded: " << channelInfo(i,1)
+ << ": " << channelInfo(i,2), 5)
 }
 return channels;
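Review bot: Switching the delimiter from `'` to `"` in getAccount, getSameEmailNumber and doesCharacterNameExists does not make the concatenated query safe: userName, email and name are still pasted verbatim into the SQL text, so a value containing `"` now breaks the statement exactly as `'` did before, and any SQL fragments the value carries become part of the executed query. On SQLite (the `#ifdef SQLITE_SUPPORT` further down suggests it is a supported backend) a double-quoted token is moreover parsed as an identifier first and only falls back to a string literal, so `where username = "foo"` can match a column name rather than the value. The same pattern is repeated in the updateChannels, _addAccount, _updAccount and _delAccount hunks below, and the updateChannels hunk removes the TODO that flagged the quoting problem without resolving it. The durable fix is to bind the values as parameters if the DAL's execSql path can expose prepared statements; failing that, every embedded string should go through one escaping helper that doubles the quote character, as sketched below, and each call site then appends `quoteSql(value)` instead of hand-written quotes. All of these functions continue outside their hunks.
```cpp
// Wraps value in single quotes with every embedded quote doubled, which is the
// portable SQL string-literal escape; it must be applied to every value that
// originates outside the server before it is concatenated into a statement.
static std::string quoteSql(const std::string& value)
{
    std::string quoted("'");
    for (std::string::size_type i = 0; i < value.size(); ++i)
    {
        if (value[i] == '\'')
            quoted += '\'';
        quoted += value[i];
    }
    quoted += '\'';
    return quoted;
}

// in getAccount (the other sites follow the same shape):
sql += " where username = ";
sql += quoteSql(userName);
sql += ";";
// … unchanged: execSql call and result handling …
```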
@@ -584,7 +584,6 @@ DALStorage::updateChannels(std::map<short, ChatChannel>& channelList)
 mDb->execSql(sql.str());
- //TODO: See if the ' don't make the SQL queries fail.
 for (std::map<short, ChatChannel>::iterator i = channelList.begin(); i != channelList.end();) {
@@ -598,10 +597,10 @@ DALStorage::updateChannels(std::map<short, ChatChannel>& channelList)
 << CHANNELS_TBL_NAME << " (id, name, announcement, password)"
 << " values ("
- << i->first << ", '"
- << i->second.getName() << "', '"
- << i->second.getAnnouncement() << "', '"
- << i->second.getPassword() << "');";
+ << i->first << ", \""
+ << i->second.getName() << "\", \""
+ << i->second.getAnnouncement() << "\", \""
+ << i->second.getPassword() << "\");";
 LOG_DEBUG("Channel (" << i->first << ") saved: " << i->second.getName()
 << ": " << i->second.getAnnouncement(), 5)
@@ -710,17 +709,17 @@ DALStorage::_addAccount(const AccountPtr& account)
 std::ostringstream sql1;
 sql1 << "insert into " << ACCOUNTS_TBL_NAME
 << " (username, password, email, level, banned)"
- << " values ('"
- << account->getName() << "', '"
- << account->getPassword() << "', '"
- << account->getEmail() << "', "
+ << " values (\""
+ << account->getName() << "\", \""
+ << account->getPassword() << "\", \""
+ << account->getEmail() << "\", "
 << account->getLevel() << ", 0);";
 mDb->execSql(sql1.str());
 // get the account id.
 std::ostringstream sql2;
 sql2 << "select id from " << ACCOUNTS_TBL_NAME
- << " where username = '" << account->getName() << "';";
+ << " where username = \"" << account->getName() << "\";";
 const RecordSet& accountInfo = mDb->execSql(sql2.str());
 string_to<unsigned int> toUint;
@@ -747,8 +746,8 @@ DALStorage::_addAccount(const AccountPtr& account)
 << " (name, gender, hair_style, hair_color, level, money, x, y, "
 << "map_id, str, agi, vit, int, dex, luck)"
 << " values ("
- << (account_it->second).id << ", '"
- << (*it)->getName() << "', "
+ << (account_it->second).id << ", \""
+ << (*it)->getName() << "\", "
 << (*it)->getGender() << ", "
 << (int)(*it)->getHairStyle() << ", "
 << (int)(*it)->getHairColor() << ", "
@@ -806,9 +805,9 @@ DALStorage::_updAccount(const AccountPtr& account)
 // update the account.
 std::ostringstream sql1;
 sql1 << "update " << ACCOUNTS_TBL_NAME
- << " set username = '" << account->getName() << "', "
- << "password = '" << account->getPassword() << "', "
- << "email = '" << account->getEmail() << "', "
+ << " set username = \"" << account->getName() << "\", "
+ << "password = \"" << account->getPassword() << "\", "
+ << "email = \"" << account->getEmail() << "\", "
 << "level = '" << account->getLevel() << "' "
 << "where id = '" << (account_it->second).id << "';";
 mDb->execSql(sql1.str());
@@ -826,7 +825,7 @@ DALStorage::_updAccount(const AccountPtr& account)
 // (reminder: the character names are unique in the database).
 std::ostringstream sql2;
 sql2 << "select id from " << CHARACTERS_TBL_NAME
- << " where name = '" << (*it)->getName() << "';";
+ << " where name = \"" << (*it)->getName() << "\";";
 const RecordSet& charInfo = mDb->execSql(sql2.str());
 RawStatistics& stats = (*it)->getRawStatistics();
@@ -841,11 +840,11 @@ DALStorage::_updAccount(const AccountPtr& account)
 << "name, gender, hair_style, hair_color, level, money, x, y, map_id, str, agi, vit, int, dex, luck)"
 << " values ("
 #ifdef SQLITE_SUPPORT
- << (account_it->second).id << ", '"
+ << (account_it->second).id << ", \""
 #else
- << "'"
+ << "\""
 #endif
- << (*it)->getName() << "', "
+ << (*it)->getName() << "\", "
 << (*it)->getGender() << ", "
 << (*it)->getHairStyle() << ", "
 << (*it)->getHairColor() << ", "
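Review bot: In the _updAccount update statement (hunk at -806) the username, password and email values switch to double quotes while `level = '...'` and `where id = '...'` on the two following context lines stay single-quoted, so one statement now mixes both quoting styles. Both of those values are numeric and are emitted unquoted in _addAccount's insert (`<< account->getLevel() << ", 0);"`), so the consistent form is to drop the quotes: `<< "level = " << account->getLevel() << " " << "where id = " << (account_it->second).id << ";";`. The `#ifdef SQLITE_SUPPORT` hunk in the same function leaves a bare `"\""` in the non-SQLite branch whose closing quote only appears after the name three lines later; a short comment on that line, such as `// opening quote of the name; closed after getName() below`, would make the conditional readable. _updAccount starts and ends outside these hunks.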
@@ -863,7 +862,7 @@ DALStorage::_updAccount(const AccountPtr& account)
 } else {
 sql3 << "update " << CHARACTERS_TBL_NAME
- << " set name = '" << (*it)->getName() << "', "
+ << " set name = \"" << (*it)->getName() << "\", "
 << " gender = " << (*it)->getGender() << ", "
 << " hair_style = " << (*it)->getHairStyle() << ", "
 << " hair_color = " << (*it)->getHairColor() << ", "
@@ -973,9 +972,9 @@ DALStorage::_delAccount(const std::string& userName)
 // get the account id.
 std::string sql("select id from ");
 sql += ACCOUNTS_TBL_NAME;
- sql += " where username = '";
+ sql += " where username = \"";
 sql += userName;
- sql += "';";
+ sql += "\";";
 const RecordSet& accountInfo = mDb->execSql(sql);
 // the account does not even exist in the database,