Comply with Xiphoseer required changes.

Remove the CDClientDatabase::ExecuteQueryWithArgs() function and replace 
it with CDClientDatabase::CreatePreppedStmt().

This prevents a developer from accidently using %s, or incorrectly 
passing std::string, and causing a silent error.
This commit is contained in:
TheMatt2 2022-01-12 22:48:27 -05:00
parent e5f7d164cb
commit 3de3932503
22 changed files with 247 additions and 189 deletions

View File

@ -13,3 +13,8 @@ void CDClientDatabase::Connect(const std::string& filename) {
CppSQLite3Query CDClientDatabase::ExecuteQuery(const std::string& query) {
return conn->execQuery(query.c_str());
}
//! Makes prepared statements
CppSQLite3Statement CDClientDatabase::CreatePreppedStmt(const std::string& query) {
return conn->compileStatement(query.c_str());
}

View File

@ -43,15 +43,7 @@ namespace CDClientDatabase {
//! Queries the CDClient and parses arguments
/*!
\param query The query with formatted arguments
\return the results of the query
\return prepared SQLite Statement
*/
// Due to the template, implementation must be in the header.
template <typename... Args>
CppSQLite3Query ExecuteQueryWithArgs(const std::string& query, Args... args) {
CppSQLite3Buffer sqlBuf;
sqlBuf.format(query.c_str(), args...);
std::string safe_query = (const char *) sqlBuf;
return ExecuteQuery(safe_query);
}
CppSQLite3Statement CreatePreppedStmt(const std::string& query);
};

View File

@ -59,9 +59,11 @@ float CDBehaviorParameterTable::GetEntry(const uint32_t behaviorID, const std::s
}
#ifndef CDCLIENT_CACHE_ALL
auto tableData = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = %u;",
behaviorID);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = ?;");
query.bind(1, (int) behaviorID);
auto tableData = query.execQuery();
m_Entries.insert_or_assign(behaviorID, 0);

View File

@ -276,9 +276,11 @@ Behavior* Behavior::CreateBehavior(const uint32_t behaviorId)
}
BehaviorTemplates Behavior::GetBehaviorTemplate(const uint32_t behaviorId) {
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT templateID FROM BehaviorTemplate WHERE behaviorID = %u;",
behaviorId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT templateID FROM BehaviorTemplate WHERE behaviorID = ?;");
query.bind(1, (int) behaviorId);
auto result = query.execQuery();
// Make sure we do not proceed if we are trying to load an invalid behavior
if (result.eof())
@ -349,18 +351,24 @@ void Behavior::PlayFx(std::u16string type, const LWOOBJID target, const LWOOBJID
}
}
// The SQlite result object becomes invalid if the query object leaves scope.
// So both queries are defined before the if statement
CppSQLite3Query result;
if (!type.empty())
{
result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT effectName FROM BehaviorEffect WHERE effectType = %Q AND effectID = %u;",
typeString.c_str(), effectId);
}
else
{
result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT effectName, effectType FROM BehaviorEffect WHERE effectID = %u;",
effectId);
auto typeQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT effectName FROM BehaviorEffect WHERE effectType = ? AND effectID = ?;");
auto idQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT effectName, effectType FROM BehaviorEffect WHERE effectID = ?;");
if (!type.empty()) {
typeQuery.bind(1, typeString.c_str());
typeQuery.bind(2, (int) effectId);
result = typeQuery.execQuery();
} else {
idQuery.bind(1, (int) effectId);
result = idQuery.execQuery();
}
if (result.eof() || result.fieldIsNull(0))
@ -406,9 +414,11 @@ Behavior::Behavior(const uint32_t behaviorId)
this->m_templateId = BehaviorTemplates::BEHAVIOR_EMPTY;
}
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT templateID, effectID, effectHandle FROM BehaviorTemplate WHERE behaviorID = %u;",
behaviorId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT templateID, effectID, effectHandle FROM BehaviorTemplate WHERE behaviorID = ?;");
query.bind(1, (int) behaviorId);
auto result = query.execQuery();
// Make sure we do not proceed if we are trying to load an invalid behavior
if (result.eof())
@ -481,9 +491,11 @@ std::map<std::string, float> Behavior::GetParameterNames() const
{
std::map<std::string, float> parameters;
auto tableData = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = %u;",
this->m_behaviorId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT parameterID, value FROM BehaviorParameter WHERE behaviorID = ?;");
query.bind(1, (int) this->m_behaviorId);
auto tableData = query.execQuery();
while (!tableData.eof())
{

View File

@ -40,12 +40,14 @@ void SwitchMultipleBehavior::Calculate(BehaviorContext* context, RakNet::BitStre
}
void SwitchMultipleBehavior::Load() {
auto result = CDClientDatabase::ExecuteQueryWithArgs(
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT replace(bP1.parameterID, 'behavior ', '') as key, bP1.value as behavior, "
"(select bP2.value FROM BehaviorParameter bP2 WHERE bP2.behaviorID = %u AND bP2.parameterID LIKE 'value %' "
"(select bP2.value FROM BehaviorParameter bP2 WHERE bP2.behaviorID = ?1 AND bP2.parameterID LIKE 'value %' "
"AND replace(bP1.parameterID, 'behavior ', '') = replace(bP2.parameterID, 'value ', '')) as value "
"FROM BehaviorParameter bP1 WHERE bP1.behaviorID = %u AND bP1.parameterID LIKE 'behavior %';",
this->m_behaviorId, this->m_behaviorId);
"FROM BehaviorParameter bP1 WHERE bP1.behaviorID = ?1 AND bP1.parameterID LIKE 'behavior %';");
query.bind(1, (int) this->m_behaviorId);
auto result = query.execQuery();
while (!result.eof()) {
const auto behavior_id = static_cast<uint32_t>(result.getFloatField(1));

View File

@ -35,9 +35,11 @@ BaseCombatAIComponent::BaseCombatAIComponent(Entity* parent, const uint32_t id)
m_SoftTimer = 5.0f;
//Grab the aggro information from BaseCombatAI:
auto componentResult = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT aggroRadius, tetherSpeed, pursuitSpeed, softTetherRadius, hardTetherRadius FROM BaseCombatAIComponent WHERE id = %u;",
id);
auto componentQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT aggroRadius, tetherSpeed, pursuitSpeed, softTetherRadius, hardTetherRadius FROM BaseCombatAIComponent WHERE id = ?;");
componentQuery.bind(1, (int) id);
auto componentResult = componentQuery.execQuery();
if (!componentResult.eof())
{
@ -62,9 +64,11 @@ BaseCombatAIComponent::BaseCombatAIComponent(Entity* parent, const uint32_t id)
/*
* Find skills
*/
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT skillID, cooldown, behaviorID FROM SkillBehavior WHERE skillID IN (SELECT skillID FROM ObjectSkills WHERE objectTemplate = %d);",
parent->GetLOT());
auto skillQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT skillID, cooldown, behaviorID FROM SkillBehavior WHERE skillID IN (SELECT skillID FROM ObjectSkills WHERE objectTemplate = ?);");
skillQuery.bind(1, (int) parent->GetLOT());
auto result = skillQuery.execQuery();
while (!result.eof()) {
const auto skillId = static_cast<uint32_t>(result.getIntField(0));

View File

@ -371,9 +371,11 @@ const std::vector<BuffParameter>& BuffComponent::GetBuffParameters(int32_t buffI
return pair->second;
}
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT * FROM BuffParameters WHERE BuffID = %d;",
buffId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT * FROM BuffParameters WHERE BuffID = ?;");
query.bind(1, (int) buffId);
auto result = query.execQuery();
std::vector<BuffParameter> parameters {};

View File

@ -373,8 +373,11 @@ void DestroyableComponent::AddFaction(const int32_t factionID, const bool ignore
m_FactionIDs.push_back(factionID);
m_DirtyHealth = true;
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT enemyList FROM Factions WHERE faction = %d;", factionID);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT enemyList FROM Factions WHERE faction = ?;");
query.bind(1, (int) factionID);
auto result = query.execQuery();
if (result.eof()) return;

View File

@ -1142,10 +1142,13 @@ void InventoryComponent::CheckItemSet(const LOT lot) {
return;
}
std::cout << "INVENTORY CHECK" << std::endl;
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT setID FROM ItemSets WHERE itemIDs LIKE '%%%d%%';",
lot);
const std::string lot_query = "%" + std::to_string(lot) + "%";
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT setID FROM ItemSets WHERE itemIDs LIKE ?;");
query.bind(1, lot_query.c_str());
auto result = query.execQuery();
while (!result.eof()) {
const auto id = result.getIntField(0);
@ -1737,4 +1740,3 @@ void InventoryComponent::UpdatePetXml(tinyxml2::XMLDocument* document)
petInventoryElement->LinkEndChild(petElement);
}
}

View File

@ -450,8 +450,11 @@ const std::vector<uint32_t>& MissionComponent::QueryAchievements(MissionTaskType
}
bool MissionComponent::RequiresItem(const LOT lot) {
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT type FROM Objects WHERE id = %d;", lot);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT type FROM Objects WHERE id = ?;");
query.bind(1, (int) lot);
auto result = query.execQuery();
if (result.eof()) {
return false;

View File

@ -167,9 +167,11 @@ void PetComponent::OnUse(Entity* originator)
std::string buildFile;
if (cached == buildCache.end()) {
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT ValidPiecesLXF, PuzzleModelLot, Timelimit, NumValidPieces, imagCostPerBuild FROM TamingBuildPuzzles WHERE NPCLot = %d;",
m_Parent->GetLOT());
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT ValidPiecesLXF, PuzzleModelLot, Timelimit, NumValidPieces, imagCostPerBuild FROM TamingBuildPuzzles WHERE NPCLot = ?;");
query.bind(1, (int) m_Parent->GetLOT());
auto result = query.execQuery();
if (result.eof())
{

View File

@ -40,9 +40,11 @@ PropertyManagementComponent::PropertyManagementComponent(Entity* parent) : Compo
const auto zoneId = worldId.GetMapID();
const auto cloneId = worldId.GetCloneID();
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT id FROM PropertyTemplate WHERE mapID = %d;",
(int) zoneId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT id FROM PropertyTemplate WHERE mapID = ?;");
query.bind(1, (int) zoneId);
auto result = query.execQuery();
if (result.eof() || result.fieldIsNull(0))
{
@ -96,9 +98,11 @@ std::vector<NiPoint3> PropertyManagementComponent::GetPaths() const
{
const auto zoneId = dZoneManager::Instance()->GetZone()->GetWorldID();
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT path FROM PropertyTemplate WHERE mapID = %u;",
zoneId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT path FROM PropertyTemplate WHERE mapID = ?;");
query.bind(1, (int) zoneId);
auto result = query.execQuery();
std::vector<NiPoint3> paths {};

View File

@ -199,9 +199,13 @@ void RenderComponent::PlayEffect(const int32_t effectId, const std::u16string& e
}
const std::string effectType_str = GeneralUtils::UTF16ToWTF8(effectType);
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT animation_length FROM Animations WHERE animation_type IN (SELECT animationName FROM BehaviorEffect WHERE effectID = %d AND effectType = %Q);",
effectId, effectType_str.c_str());
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT animation_length FROM Animations WHERE animation_type IN (SELECT animationName FROM BehaviorEffect WHERE effectID = ? AND effectType = ?);");
query.bind(1, effectId);
query.bind(2, effectType_str.c_str());
auto result = query.execQuery();
if (result.eof() || result.fieldIsNull(0)) {
result.finalize();

View File

@ -18,9 +18,11 @@
#include "PacketUtils.h"
RocketLaunchpadControlComponent::RocketLaunchpadControlComponent(Entity* parent, int rocketId) : Component(parent) {
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT targetZone, defaultZoneID, targetScene, altLandingPrecondition, altLandingSpawnPointName FROM RocketLaunchpadControlComponent WHERE id = %d;",
rocketId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT targetZone, defaultZoneID, targetScene, altLandingPrecondition, altLandingSpawnPointName FROM RocketLaunchpadControlComponent WHERE id = ?;");
query.bind(1, rocketId);
auto result = query.execQuery();
if (!result.eof() && !result.fieldIsNull(0))
{

View File

@ -86,9 +86,11 @@ void SkillComponent::SyncPlayerProjectile(const LWOOBJID projectileId, RakNet::B
const auto sync_entry = this->m_managedProjectiles.at(index);
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = %d);",
sync_entry.lot);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = ?);");
query.bind(1, (int) sync_entry.lot);
auto result = query.execQuery();
if (result.eof()) {
Game::logger->Log("SkillComponent", "Failed to find skill id for (%i)!\n", sync_entry.lot);
@ -434,9 +436,10 @@ void SkillComponent::SyncProjectileCalculation(const ProjectileSyncEntry& entry)
return;
}
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = %d);",
entry.lot);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = ?);");
query.bind(1, (int) entry.lot);
auto result = query.execQuery();
if (result.eof()) {
Game::logger->Log("SkillComponent", "Failed to find skill id for (%i)!\n", entry.lot);

View File

@ -2509,9 +2509,11 @@ void GameMessages::HandleBBBSaveRequest(RakNet::BitStream* inStream, Entity* ent
const auto zoneId = worldId.GetMapID();
const auto cloneId = worldId.GetCloneID();
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT id FROM PropertyTemplate WHERE mapID = %d;",
(int) zoneId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT id FROM PropertyTemplate WHERE mapID = ?;");
query.bind(1, (int) zoneId);
auto result = query.execQuery();
if (result.eof() || result.fieldIsNull(0)) {
return;

View File

@ -386,9 +386,11 @@ void Item::DisassembleModel()
const auto componentId = table->GetByIDAndType(GetLot(), COMPONENT_TYPE_RENDER);
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT render_asset FROM RenderComponent WHERE id = %d;",
componentId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT render_asset FROM RenderComponent WHERE id = ?;");
query.bind(1, (int) componentId);
auto result = query.execQuery();
if (result.eof())
{

View File

@ -15,9 +15,11 @@ ItemSet::ItemSet(const uint32_t id, InventoryComponent* inventoryComponent)
this->m_PassiveAbilities = ItemSetPassiveAbility::FindAbilities(id, m_InventoryComponent->GetParent(), this);
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT skillSetWith2, skillSetWith3, skillSetWith4, skillSetWith5, skillSetWith6, itemIDs FROM ItemSets WHERE setID = %u;",
id);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT skillSetWith2, skillSetWith3, skillSetWith4, skillSetWith5, skillSetWith6, itemIDs FROM ItemSets WHERE setID = ?;");
query.bind(1, (int) id);
auto result = query.execQuery();
if (result.eof())
{
@ -31,9 +33,11 @@ ItemSet::ItemSet(const uint32_t id, InventoryComponent* inventoryComponent)
continue;
}
auto skillResult = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT SkillID FROM ItemSetSkills WHERE SkillSetID = %d;",
result.getIntField(i));
auto skillQuery = CDClientDatabase::CreatePreppedStmt(
"SELECT SkillID FROM ItemSetSkills WHERE SkillSetID = ?;");
skillQuery.bind(1, result.getIntField(i));
auto skillResult = skillQuery.execQuery();
if (skillResult.eof())
{

View File

@ -16,9 +16,11 @@
std::map<uint32_t, Precondition*> Preconditions::cache = {};
Precondition::Precondition(const uint32_t condition) {
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT type, targetLOT, targetCount FROM Preconditions WHERE id = %u;",
condition);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT type, targetLOT, targetCount FROM Preconditions WHERE id = ?;");
query.bind(1, (int) condition);
auto result = query.execQuery();
if (result.eof())
{

View File

@ -1243,11 +1243,13 @@ void SlashCommandHandler::HandleChatCommand(const std::u16string& command, Entit
}
if (chatCommand == "lookup" && entity->GetGMLevel() >= GAME_MASTER_LEVEL_DEVELOPER && args.size() == 1) {
std::string query = "%" + args[0] + "%";
const char* query_cstr = query.c_str();
auto tables = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT `id`, `name` FROM `Objects` WHERE `displayName` LIKE %Q OR `name` LIKE %Q OR `description` LIKE %Q LIMIT 50",
query_cstr, query_cstr, query_cstr);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT `id`, `name` FROM `Objects` WHERE `displayName` LIKE ?1 OR `name` LIKE ?1 OR `description` LIKE ?1 LIMIT 50");
const std::string query_text = "%" + args[0] + "%";
query.bind(1, query_text.c_str());
auto tables = query.execQuery();
while (!tables.eof()) {
std::string message = std::to_string(tables.getIntField(0)) + " - " + tables.getStringField(1);

View File

@ -1059,9 +1059,11 @@ void HandlePacket(Packet* packet) {
const auto zoneId = Game::server->GetZoneID();
const auto cloneId = g_CloneID;
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT id FROM PropertyTemplate WHERE mapID = %u;",
zoneId);
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT id FROM PropertyTemplate WHERE mapID = ?;");
query.bind(1, (int) zoneId);
auto result = query.execQuery();
if (result.eof() || result.fieldIsNull(0)) {
Game::logger->Log("WorldServer", "No property templates found for zone %d, not sending BBB\n", zoneId);

View File

@ -26,9 +26,11 @@ void dZoneManager::Initialize(const LWOZONEID& zoneID) {
LOT zoneControlTemplate = 2365;
auto result = CDClientDatabase::ExecuteQueryWithArgs(
"SELECT zoneControlTemplate, ghostdistance_min, ghostdistance FROM ZoneTable WHERE zoneID = %d;",
(int) zoneID.GetMapID());
auto query = CDClientDatabase::CreatePreppedStmt(
"SELECT zoneControlTemplate, ghostdistance_min, ghostdistance FROM ZoneTable WHERE zoneID = ?;");
query.bind(1, (int) zoneID.GetMapID());
auto result = query.execQuery();
if (!result.eof()) {
zoneControlTemplate = result.getIntField("zoneControlTemplate", 2365);