Comply with Xiphoseer required changes.

Remove the CDClientDatabase::ExecuteQueryWithArgs() function and replace 
it with CDClientDatabase::CreatePreppedStmt().

This prevents a developer from accidentally using %s, or incorrectly 
passing std::string, and causing a silent error.
TheMatt2
2022-01-12 22:48:27 -05:00
parent e5f7d164cb
commit 3de3932503
22 changed files with 247 additions and 189 deletions


@@ -276,9 +276,11 @@ Behavior* Behavior::CreateBehavior(const uint32_t behaviorId)
}
BehaviorTemplates Behavior::GetBehaviorTemplate(const uint32_t behaviorId) {
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT templateID FROM BehaviorTemplate WHERE behaviorID = %u;",
behaviorId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT templateID FROM BehaviorTemplate WHERE behaviorID = ?;");
query.bind(1, (int) behaviorId);
auto result = query.execQuery();
// Make sure we do not proceed if we are trying to load an invalid behavior
if (result.eof())
@@ -349,18 +351,24 @@ void Behavior::PlayFx(std::u16string type, const LWOOBJID target, const LWOOBJID
}
}
// The SQlite result object becomes invalid if the query object leaves scope.
// So both queries are defined before the if statement
CppSQLite3Query result;
if (!type.empty())
{
result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT effectName FROM BehaviorEffect WHERE effectType = %Q AND effectID = %u;",
typeString.c_str(), effectId);
}
else
{
result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT effectName, effectType FROM BehaviorEffect WHERE effectID = %u;",
effectId);
auto typeQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT effectName FROM BehaviorEffect WHERE effectType = ? AND effectID = ?;");
auto idQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT effectName, effectType FROM BehaviorEffect WHERE effectID = ?;");
if (!type.empty()) {
typeQuery.bind(1, typeString.c_str());
typeQuery.bind(2, (int) effectId);
result = typeQuery.execQuery();
} else {
idQuery.bind(1, (int) effectId);
result = idQuery.execQuery();
}
if (result.eof() || result.fieldIsNull(0))
@@ -406,9 +414,11 @@ Behavior::Behavior(const uint32_t behaviorId)
this->m_templateId = BehaviorTemplates::BEHAVIOR_EMPTY;
}
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT templateID, effectID, effectHandle FROM BehaviorTemplate WHERE behaviorID = %u;",
behaviorId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT templateID, effectID, effectHandle FROM BehaviorTemplate WHERE behaviorID = ?;");
query.bind(1, (int) behaviorId);
auto result = query.execQuery();
// Make sure we do not proceed if we are trying to load an invalid behavior
if (result.eof())
@@ -481,9 +491,11 @@ std::map<std::string, float> Behavior::GetParameterNames() const
{
std::map<std::string, float> parameters;
auto tableData = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = %u;",
this->m_behaviorId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = ?;");
query.bind(1, (int) this->m_behaviorId);
auto tableData = query.execQuery();
while (!tableData.eof())
{
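Review bot: The `(int)` casts on the bound ids (`query.bind(1, (int) behaviorId);` in GetBehaviorTemplate, and the same pattern in PlayFx, the Behavior constructor and GetParameterNames) narrow a `uint32_t` to a signed int. An id above INT_MAX would be bound as a negative number and the lookup would quietly return no rows, where the old `%u` formatted the full unsigned value. If ids in that range cannot occur, state that next to the bind and use a named cast, e.g. `query.bind(1, static_cast<int>(behaviorId)); // ids are assumed to fit in int`; otherwise bind through a 64-bit path (an overload that forwards to `sqlite3_bind_int64`, if the wrapper has or can be given one). The types of `effectId` and `m_behaviorId` are not visible in these hunks, so the concern there is inferred, and all four function bodies start or end outside their hunks.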


@@ -40,12 +40,14 @@ void SwitchMultipleBehavior::Calculate(BehaviorContext* context, RakNet::BitStre
}
void SwitchMultipleBehavior::Load() {
auto result = CDClientDatabase::ExecuteQueryWithArgs(
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT replace(bP1.parameterID, 'behavior ', '') as key, bP1.value as behavior, "
"(select bP2.value FROM BehaviorParameter bP2 WHERE bP2.behaviorID = %u AND bP2.parameterID LIKE 'value %' "
"(select bP2.value FROM BehaviorParameter bP2 WHERE bP2.behaviorID = ?1 AND bP2.parameterID LIKE 'value %' "
"AND replace(bP1.parameterID, 'behavior ', '') = replace(bP2.parameterID, 'value ', '')) as value "
"FROM BehaviorParameter bP1 WHERE bP1.behaviorID = %u AND bP1.parameterID LIKE 'behavior %';",
this->m_behaviorId, this->m_behaviorId);
"FROM BehaviorParameter bP1 WHERE bP1.behaviorID = ?1 AND bP1.parameterID LIKE 'behavior %';");
query.bind(1, (int) this->m_behaviorId);
auto result = query.execQuery();
while (!result.eof()) {
const auto behavior_id = static_cast<uint32_t>(result.getFloatField(1));