Additional SQLite lookup sanitizing.

Using CDClientDatabase::ExecuteQueryWithArgs() across all known lookups.
2025-08-04 09:44:10 +00:00 · 2022-01-06 21:12:47 -05:00
parent 4796b551ad
commit e5f7d164cb
16 changed files with 75 additions and 129 deletions
--- a/dGame/dComponents/SkillComponent.cpp
+++ b/dGame/dComponents/SkillComponent.cpp
@@ -86,14 +86,11 @@ void SkillComponent::SyncPlayerProjectile(const LWOOBJID projectileId, RakNet::B

 	const auto sync_entry = this->m_managedProjectiles.at(index);

-	std::stringstream query;
+	auto result = CDClientDatabase::ExecuteQueryWithArgs(
+		"SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = %d);",
+		sync_entry.lot);

-	query << "SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = " << std::to_string(sync_entry.lot) << ")";
-
-	auto result = CDClientDatabase::ExecuteQuery(query.str());
-
-	if (result.eof())
-	{
+	if (result.eof()) {
 		Game::logger->Log("SkillComponent", "Failed to find skill id for (%i)!\n", sync_entry.lot);

 		return;
@@ -428,8 +425,7 @@ void SkillComponent::SyncProjectileCalculation(const ProjectileSyncEntry& entry)
 {
 	auto* other = EntityManager::Instance()->GetEntity(entry.branchContext.target);

-	if (other == nullptr)
-	{
+	if (other == nullptr) {
 		if (entry.branchContext.target != LWOOBJID_EMPTY)
 		{
 			Game::logger->Log("SkillComponent", "Invalid projectile target (%llu)!\n", entry.branchContext.target);
@@ -438,14 +434,11 @@ void SkillComponent::SyncProjectileCalculation(const ProjectileSyncEntry& entry)
 		return;
 	}

-	std::stringstream query;
+	auto result = CDClientDatabase::ExecuteQueryWithArgs(
+        "SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = %d);",
+        entry.lot);

-	query << "SELECT behaviorID FROM SkillBehavior WHERE skillID = (SELECT skillID FROM ObjectSkills WHERE objectTemplate = " << std::to_string(entry.lot) << ")";
-
-	auto result = CDClientDatabase::ExecuteQuery(query.str());
-
-	if (result.eof())
-	{
+	if (result.eof()) {
 		Game::logger->Log("SkillComponent", "Failed to find skill id for (%i)!\n", entry.lot);

 		return;