Fixed the way we work with blobs.

quoting and length on runquery. Fixed fence post error on StringFormat()
2026-04-27 16:32:27 +00:00 · 2013-05-27 14:31:34 -07:00 · 2013-05-27 14:31:34 -07:00 · 9ebe02d363
commit 9ebe02d363
parent 2631861370
3 changed files with 31 additions and 24 deletions
--- a/common/StringUtil.cpp
+++ b/common/StringUtil.cpp
@ -56,10 +56,10 @@ void vStringFormat(std::string& output, const char* format, va_list args)
 		
 		throw std::runtime_error(errorMessage);
 	}
-	else if ((unsigned int)characters_used > output.capacity()) {
-		output.resize(characters_used+1);
+	if ((unsigned int)characters_used > output.capacity()) {
+		output.resize(characters_used);
 		va_copy(tmpargs,args);
-		characters_used = vsnprintf(&output[0], output.capacity(), format, tmpargs);
+		characters_used = vsnprintf(&output[0], output.capacity()+1, format, tmpargs);
 		va_end(tmpargs);

 		if (characters_used < 0) {
@ -70,24 +70,23 @@ void vStringFormat(std::string& output, const char* format, va_list args)
 		
 			throw std::runtime_error(errorMessage);
 		}
+		return;
 	} 
-	else {
-		output.resize(characters_used + 1);
+	output.resize(characters_used+1);

-		va_copy(tmpargs,args);
-		characters_used = vsnprintf(&output[0], output.capacity(), format, tmpargs);
-		va_end(tmpargs);
+	va_copy(tmpargs,args);
+	characters_used = vsnprintf(&output[0], output.capacity()+1, format, tmpargs);
+	va_end(tmpargs);

-		if (characters_used < 0) {
-			// We shouldn't have a format error by this point, but I can't imagine what error we
-			// could have by this point. still error out and report it.
-			std::string errorMessage("Invalid format string or unknown vsnprintf error; vsnprintf returned negative with format string: ");
-			errorMessage.append(format);
-		
-			throw std::runtime_error(errorMessage);
-		}
+	if (characters_used < 0) {
+		// We shouldn't have a format error by this point, but I can't imagine what error we
+		// could have by this point. still error out and report it.
+		std::string errorMessage("Invalid format string or unknown vsnprintf error; vsnprintf returned negative with format string: ");
+		errorMessage.append(format);
 		
+		throw std::runtime_error(errorMessage);
 	}
+	return;
 }

 void StringFormat(std::string& output, const char* format, ...)
--- a/common/database.cpp
+++ b/common/database.cpp
@ -626,6 +626,7 @@ bool Database::DeleteCharacter(char *name)

 	return true;
 }
+
 // Store new character information into the character_ and inventory tables
 bool Database::StoreCharacter(uint32 account_id, PlayerProfile_Struct* pp, Inventory* inv, ExtendedProfile_Struct *ext)
 {
@ -637,8 +638,7 @@ bool Database::StoreCharacter(uint32 account_id, PlayerProfile_Struct* pp, Inven
 	uint32 charid = 0;
 	MYSQL_RES *result;
 	MYSQL_ROW row = 0;
-	std::string playerProfileBuffer;
-	std::string extendedProfileBuffer;
+
 	char zone[50];
 	float x, y, z;

@ -675,22 +675,30 @@ bool Database::StoreCharacter(uint32 account_id, PlayerProfile_Struct* pp, Inven
 	y=pp->y;
 	z=pp->z;

+	std::string playerProfileBuffer;
+	std::string extendedProfileBuffer;
+
 	// construct the character_ query
 	StringFormat(query, "UPDATE character_ SET timelaston=0, "
 						"zonename=\'%s\', x=%f, y=%f, z=%f, profile=\'",
 						zone, x, y, z);
-
+	
 	DoEscapeString(playerProfileBuffer, (char*)pp, sizeof(PlayerProfile_Struct));

 	query.append(playerProfileBuffer);
+	
 	query.append("\', extprofile=\'");
+	
 	DoEscapeString(extendedProfileBuffer, (char*)ext, sizeof(ExtendedProfile_Struct));
+	
 	query.append(extendedProfileBuffer);

 	std::string ending;
+	
 	StringFormat(ending, "\' WHERE account_id=%d AND name='%s'",account_id, pp->name);
+	
 	query.append(ending);
-
+	
 	RunQuery(query, errbuf, 0, &affected_rows);

 	if(!affected_rows)
--- a/common/dbcore.cpp
+++ b/common/dbcore.cpp
@ -74,7 +74,7 @@ bool DBcore::RunQuery(const std::string query, char* errbuf, MYSQL_RES** result,
 	strn0cpy(tmp, query.c_str(), sizeof(tmp));
 	std::cout << "QUERY: " << tmp << std::endl;
 #endif
-	if (mysql_real_query(&mysql, query.c_str(), strlen(query.c_str()))) {
+	if (mysql_real_query(&mysql, query.c_str(), query.length())) {
 		if (mysql_errno(&mysql) == CR_SERVER_GONE_ERROR)
 			pStatus = Error;
 		if (mysql_errno(&mysql) == CR_SERVER_LOST || mysql_errno(&mysql) == CR_SERVER_GONE_ERROR) {
@ -156,9 +156,9 @@ bool DBcore::RunQuery(const std::string query, char* errbuf, MYSQL_RES** result,
 void DBcore::DoEscapeString(std::string& outString, const char* frombuf, uint32 fromlen) {
 //	No good reason to lock the DB, we only need it in the first place to check char encoding.
 //	LockMutex lock(&MDatabase);
-	char* tobuf = new char[sizeof(frombuf)*fromlen]();
-	mysql_real_escape_string(&mysql, tobuf, frombuf, fromlen);
-	outString.assign(tobuf,sizeof(frombuf)*fromlen);
+	char* tobuf = new char[sizeof(frombuf)*fromlen*2]();
+	unsigned long length = mysql_real_escape_string(&mysql, tobuf, frombuf, fromlen);
+	outString.assign(tobuf,length);
 	safe_delete_array(tobuf);
 }