Additional SQLite lookup sanitizing.

Using CDClientDatabase::ExecuteQueryWithArgs() across all known lookups.
2025-08-04 09:44:10 +00:00 · 2022-01-06 21:12:47 -05:00
parent 4796b551ad
commit e5f7d164cb
16 changed files with 75 additions and 129 deletions
--- a/dZoneManager/dZoneManager.cpp
+++ b/dZoneManager/dZoneManager.cpp
@@ -26,8 +26,9 @@ void dZoneManager::Initialize(const LWOZONEID& zoneID) {

 	LOT zoneControlTemplate = 2365;

-	std::stringstream query;
-	auto result = CDClientDatabase::ExecuteQuery("SELECT zoneControlTemplate, ghostdistance_min, ghostdistance FROM ZoneTable WHERE zoneID = " + std::to_string(zoneID.GetMapID()));
+	auto result = CDClientDatabase::ExecuteQueryWithArgs(
+		"SELECT zoneControlTemplate, ghostdistance_min, ghostdistance FROM ZoneTable WHERE zoneID = %d;",
+		(int) zoneID.GetMapID());

 	if (!result.eof()) {
 		zoneControlTemplate = result.getIntField("zoneControlTemplate", 2365);