un escaped slash in SQL

Arthur Ice 2013-06-04 21:55:46 -07:00
parent b16a0c388b
commit c634b9cdf8
2 changed files with 5 additions and 7 deletions


@ -156,8 +156,6 @@ bool DBcore::RunQuery(const std::string& query, std::string* errbuf, MYSQL_RES**
} }
void DBcore::DoEscapeString(std::string& outString, const char* frombuf, uint32 fromlen) { void DBcore::DoEscapeString(std::string& outString, const char* frombuf, uint32 fromlen) {
// No good reason to lock the DB, we only need it in the first place to check char encoding.
// LockMutex lock(&MDatabase);
char* tobuf = new char[fromlen*2+1](); char* tobuf = new char[fromlen*2+1]();
unsigned long length = mysql_real_escape_string(&mysql, tobuf, frombuf, fromlen); unsigned long length = mysql_real_escape_string(&mysql, tobuf, frombuf, fromlen);
outString.assign(tobuf,length); outString.assign(tobuf,length);


@ -1308,15 +1308,15 @@ uint32 SharedDatabase::SetPlayerProfile_MQ(std::string &query, uint32 account_id
std::string playerProfileBuffer; std::string playerProfileBuffer;
std::string extendedProfileBuffer; std::string extendedProfileBuffer;
StringFormat(query, "UPDATE character_ SET timelaston=unix_timestamp(now()), name=\'%s\', zonename=\'%s\', " StringFormat(query, "UPDATE character_ SET timelaston=unix_timestamp(now()), name='%s', zonename='%s', "
"zoneid=%u, instanceid=%u, x = %f, y = %f, z = %f, profile=\'", "zoneid=%u, instanceid=%u, x = %f, y = %f, z = %f, profile='",
pp->name, GetZoneName(current_zone), current_zone, current_instance, pp->name, GetZoneName(current_zone), current_zone, current_instance,
pp->x, pp->y, pp->z); pp->x, pp->y, pp->z);
DoEscapeString(playerProfileBuffer, (char*)pp, sizeof(PlayerProfile_Struct)); DoEscapeString(playerProfileBuffer, (char*)pp, sizeof(PlayerProfile_Struct));
query.append(playerProfileBuffer); query.append(playerProfileBuffer);
query.append("\', extprofile=\'"); query.append("', extprofile='");
DoEscapeString(extendedProfileBuffer, (char*)ext, sizeof(ExtendedProfile_Struct)); DoEscapeString(extendedProfileBuffer, (char*)ext, sizeof(ExtendedProfile_Struct));
@ -1324,7 +1324,7 @@ uint32 SharedDatabase::SetPlayerProfile_MQ(std::string &query, uint32 account_id
std::string endingOfQuery; std::string endingOfQuery;
StringFormat(endingOfQuery,"\',class=%d,level=%d,xtargets=%u " StringFormat(endingOfQuery,"',class=%d,level=%d,xtargets=%u "
"WHERE id=%u", pp->class_, pp->level, "WHERE id=%u", pp->class_, pp->level,
MaxXTargets, charid); MaxXTargets, charid);
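Review bot: `pp->name` and the result of `GetZoneName(current_zone)` are formatted straight into the quoted `name='%s'` and `zonename='%s'` fields of the first StringFormat call, while only the two profile blobs go through DoEscapeString. If the name can ever hold a quote or backslash, the literal ends early and the rest of the statement is no longer what was intended; whether the name is validated before this point is not visible in these lines. Escape it the same way as the blobs, for example `std::string escapedName; DoEscapeString(escapedName, pp->name, strlen(pp->name));`, and pass `escapedName.c_str()` for the first `%s` (this assumes `pp->name` is NUL-terminated). The zone name should get the same treatment unless it is known to come only from a trusted table. SetPlayerProfile_MQ starts before and appears to continue after the lines shown.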