Mirrored_Repos/invidious
1
0
Fork 0
mirror of https://github.com/iv-org/invidious.git synced 2025-10-31 04:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

db: use prepared statements rather than crafted argument list

Browse Source
This commit is contained in:
Samantaz Fox
2022-01-26 17:30:54 +01:00
parent ce4a52325b
commit 67dd2b419a
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/invidious/database/channels.cr
View File

@@ -77,14 +77,13 @@ module Invidious::Database::Channels
def select(ids : Array(String)) : Array(InvidiousChannel)?
return [] of InvidiousChannel if ids.empty?
values = ids.map { |id| %(('#{id}')) }.join(",")
request = <<-SQL
SELECT * FROM channels
WHERE id = ANY(VALUES #{values})
WHERE id = ANY($1)
SQL
return PG_DB.query_all(request, as: InvidiousChannel)
return PG_DB.query_all(request, ids, as: InvidiousChannel)
end
end
@@ -127,11 +126,11 @@ module Invidious::Database::ChannelVideos
request = <<-SQL
SELECT * FROM channel_videos
WHERE id IN (#{arg_array(ids)})
WHERE id = ANY($1)
ORDER BY published DESC
SQL
return PG_DB.query_all(request, args: ids, as: ChannelVideo)
return PG_DB.query_all(request, ids, as: ChannelVideo)
end
def select_notfications(ucid : String, since : Time) : Array(ChannelVideo)