un escaped slash in SQL

This commit is contained in:
Arthur Ice 2013-06-04 21:55:46 -07:00
parent b16a0c388b
commit c634b9cdf8
2 changed files with 5 additions and 7 deletions

View File

@ -156,8 +156,6 @@ bool DBcore::RunQuery(const std::string& query, std::string* errbuf, MYSQL_RES**
}
void DBcore::DoEscapeString(std::string& outString, const char* frombuf, uint32 fromlen) {
// No good reason to lock the DB, we only need it in the first place to check char encoding.
// LockMutex lock(&MDatabase);
char* tobuf = new char[fromlen*2+1]();
unsigned long length = mysql_real_escape_string(&mysql, tobuf, frombuf, fromlen);
outString.assign(tobuf,length);

View File

@ -1308,15 +1308,15 @@ uint32 SharedDatabase::SetPlayerProfile_MQ(std::string &query, uint32 account_id
std::string playerProfileBuffer;
std::string extendedProfileBuffer;
StringFormat(query, "UPDATE character_ SET timelaston=unix_timestamp(now()), name=\'%s\', zonename=\'%s\', "
"zoneid=%u, instanceid=%u, x = %f, y = %f, z = %f, profile=\'",
StringFormat(query, "UPDATE character_ SET timelaston=unix_timestamp(now()), name='%s', zonename='%s', "
"zoneid=%u, instanceid=%u, x = %f, y = %f, z = %f, profile='",
pp->name, GetZoneName(current_zone), current_zone, current_instance,
pp->x, pp->y, pp->z);
DoEscapeString(playerProfileBuffer, (char*)pp, sizeof(PlayerProfile_Struct));
query.append(playerProfileBuffer);
query.append("\', extprofile=\'");
query.append("', extprofile='");
DoEscapeString(extendedProfileBuffer, (char*)ext, sizeof(ExtendedProfile_Struct));
@ -1324,12 +1324,12 @@ uint32 SharedDatabase::SetPlayerProfile_MQ(std::string &query, uint32 account_id
std::string endingOfQuery;
StringFormat(endingOfQuery,"\',class=%d,level=%d,xtargets=%u "
StringFormat(endingOfQuery,"',class=%d,level=%d,xtargets=%u "
"WHERE id=%u", pp->class_, pp->level,
MaxXTargets, charid);
query.append(endingOfQuery);
return query.length();
}