Now, instead of the methods with string parameters in QueryBuilder having a separate escaped version, they have an unescaped version, and the base version escapes. Having it like this is a lot safer.
This commit is contained in:
parent
6073ef90c9
commit
cfb5f877c8
@ -41,20 +41,20 @@ QueryBuilder *QueryBuilder::like() {
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::select(const std::string ¶ms) {
|
||||
return this;
|
||||
return nselect(escape(params));
|
||||
}
|
||||
QueryBuilder *QueryBuilder::update(const std::string ¶ms) {
|
||||
return this;
|
||||
return nupdate(escape(params));
|
||||
}
|
||||
QueryBuilder *QueryBuilder::del(const std::string ¶ms) {
|
||||
return this;
|
||||
return ndel(escape(params));
|
||||
}
|
||||
QueryBuilder *QueryBuilder::where(const std::string ¶ms) {
|
||||
return this;
|
||||
return nwhere(escape(params));
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::from(const std::string ¶ms) {
|
||||
return this;
|
||||
return nfrom(escape(params));
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::insert(const std::string &table_name) {
|
||||
@ -64,7 +64,7 @@ QueryBuilder *QueryBuilder::insert(const std::string &table_name, const std::str
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *QueryBuilder::values(const std::string ¶ms_str) {
|
||||
return this;
|
||||
return nvalues(escape(params_str));
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::val() {
|
||||
@ -72,7 +72,7 @@ QueryBuilder *QueryBuilder::val() {
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::val(const std::string ¶m) {
|
||||
return this;
|
||||
return nval(escape(param));
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::val(const char *param) {
|
||||
@ -87,7 +87,7 @@ QueryBuilder *QueryBuilder::val(const bool param) {
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::like(const std::string &str) {
|
||||
return this;
|
||||
return nlike(escape(str));
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::set() {
|
||||
@ -97,7 +97,7 @@ QueryBuilder *QueryBuilder::cset() {
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *QueryBuilder::setp(const std::string &col, const std::string ¶m) {
|
||||
return this;
|
||||
return nsetp(col, escape(param));
|
||||
}
|
||||
QueryBuilder *QueryBuilder::setp(const std::string &col, const char *param) {
|
||||
return this;
|
||||
@ -110,7 +110,7 @@ QueryBuilder *QueryBuilder::setp(const std::string &col, const bool param) {
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::wp(const std::string &col, const std::string ¶m) {
|
||||
return this;
|
||||
return nwp(col, escape(param));
|
||||
}
|
||||
QueryBuilder *QueryBuilder::wp(const std::string &col, const char *param) {
|
||||
return this;
|
||||
@ -122,43 +122,38 @@ QueryBuilder *QueryBuilder::wp(const std::string &col, const bool param) {
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::eselect(const std::string ¶ms) {
|
||||
return select(escape(params));
|
||||
}
|
||||
QueryBuilder *QueryBuilder::eupdate(const std::string ¶ms) {
|
||||
return update(escape(params));
|
||||
}
|
||||
QueryBuilder *QueryBuilder::edel(const std::string ¶ms) {
|
||||
return del(escape(params));
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::ewhere(const std::string ¶ms) {
|
||||
return where(escape(params));
|
||||
}
|
||||
QueryBuilder *QueryBuilder::efrom(const std::string ¶ms) {
|
||||
return from(escape(params));
|
||||
}
|
||||
QueryBuilder *QueryBuilder::einsert(const std::string &table_name) {
|
||||
return insert(escape(table_name));
|
||||
|
||||
QueryBuilder *QueryBuilder::nselect(const std::string ¶ms) {
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *QueryBuilder::elike(const std::string &str) {
|
||||
return like(escape(str));
|
||||
QueryBuilder *QueryBuilder::nupdate(const std::string ¶ms) {
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *QueryBuilder::evalues(const std::string ¶ms_str) {
|
||||
return values(escape(params_str));
|
||||
QueryBuilder *QueryBuilder::ndel(const std::string ¶ms) {
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::eval(const std::string ¶m) {
|
||||
QueryBuilder *QueryBuilder::nwhere(const std::string ¶ms) {
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *QueryBuilder::nfrom(const std::string ¶ms) {
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *QueryBuilder::nlike(const std::string &str) {
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *QueryBuilder::nvalues(const std::string ¶ms_str) {
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::nval(const std::string ¶m) {
|
||||
return val(escape(param));
|
||||
}
|
||||
QueryBuilder *QueryBuilder::esetp(const std::string &col, const std::string &escape_param) {
|
||||
QueryBuilder *QueryBuilder::nsetp(const std::string &col, const std::string &escape_param) {
|
||||
return setp(col, escape(escape_param));
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::ewp(const std::string &col, const std::string &escape_param) {
|
||||
return wp(col, escape(escape_param));
|
||||
QueryBuilder *QueryBuilder::nwp(const std::string &col, const std::string &escape_param) {
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *QueryBuilder::limit(const int num) {
|
||||
|
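Review bot: The base-class bodies of `nval` (`return val(escape(param));`) and `nsetp` (`return setp(col, escape(escape_param));`) still escape and forward to the un-prefixed method, while `val` and `setp` now forward to them (`return nval(escape(param));`, `return nsetp(col, escape(param));`), so a builder that overrides neither — the MysqlQueryBuilder header in this commit declares no `nval` or `nsetp` — recurses between the two until the stack overflows, and a builder that does override them escapes the value twice before it is appended. `nwp` received the intended treatment (`return this;`); `nval` and `nsetp` should end the same way, and `nsetp`'s `escape_param` parameter name no longer describes what it receives. `insert(const std::string &table_name)` appears here only as context; its body lies outside the hunk.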
@ -56,20 +56,19 @@ public:
|
||||
virtual QueryBuilder *wp(const std::string &col, const int param);
|
||||
virtual QueryBuilder *wp(const std::string &col, const bool param);
|
||||
|
||||
virtual QueryBuilder *eselect(const std::string ¶ms);
|
||||
virtual QueryBuilder *eupdate(const std::string ¶ms);
|
||||
virtual QueryBuilder *edel(const std::string ¶ms);
|
||||
virtual QueryBuilder *nselect(const std::string ¶ms);
|
||||
virtual QueryBuilder *nupdate(const std::string ¶ms);
|
||||
virtual QueryBuilder *ndel(const std::string ¶ms);
|
||||
|
||||
virtual QueryBuilder *ewhere(const std::string ¶ms);
|
||||
virtual QueryBuilder *efrom(const std::string ¶ms);
|
||||
virtual QueryBuilder *einsert(const std::string &table_name);
|
||||
virtual QueryBuilder *elike(const std::string &str);
|
||||
virtual QueryBuilder *evalues(const std::string ¶ms_str);
|
||||
virtual QueryBuilder *eval(const std::string ¶m);
|
||||
virtual QueryBuilder *nwhere(const std::string ¶ms);
|
||||
virtual QueryBuilder *nfrom(const std::string ¶ms);
|
||||
virtual QueryBuilder *nlike(const std::string &str);
|
||||
virtual QueryBuilder *nvalues(const std::string ¶ms_str);
|
||||
virtual QueryBuilder *nval(const std::string ¶m);
|
||||
//note col is NOT escaped
|
||||
virtual QueryBuilder *esetp(const std::string &col, const std::string &escape_param);
|
||||
virtual QueryBuilder *nsetp(const std::string &col, const std::string &escape_param);
|
||||
//note col is NOT escaped
|
||||
virtual QueryBuilder *ewp(const std::string &col, const std::string &escape_param);
|
||||
virtual QueryBuilder *nwp(const std::string &col, const std::string &escape_param);
|
||||
|
||||
virtual QueryBuilder *limit(const int num);
|
||||
virtual QueryBuilder *offset(const int num);
|
||||
|
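Review bot: `einsert` is removed here but no `ninsert` is declared in its place, while the MysqlQueryBuilder header and source in this commit declare and define `ninsert`; without a base virtual, a call through `QueryBuilder *` to `insert(table_name)` cannot reach that body, and `MysqlQueryBuilder` no longer has an `insert(const std::string &)` of its own. Adding `virtual QueryBuilder *ninsert(const std::string &table_name);` next to `nvalues`, with the base `insert` (its body is outside this hunk) forwarding `escape(table_name)` to it, would close that gap. The naming scheme also deserves a line of documentation, since `//note col is NOT escaped` now only covers `col`: `// n* variants append their string arguments verbatim; the un-prefixed overloads escape them and then call the n* variant.`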
@ -34,31 +34,31 @@ QueryBuilder *MysqlQueryBuilder::cvalues() {
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *MysqlQueryBuilder::select(const std::string ¶ms) {
|
||||
QueryBuilder *MysqlQueryBuilder::nselect(const std::string ¶ms) {
|
||||
query_result += "SELECT " + params + " ";
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *MysqlQueryBuilder::where(const std::string ¶ms) {
|
||||
QueryBuilder *MysqlQueryBuilder::nwhere(const std::string ¶ms) {
|
||||
query_result += "WHERE " + params + " ";
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *MysqlQueryBuilder::from(const std::string ¶ms) {
|
||||
QueryBuilder *MysqlQueryBuilder::nfrom(const std::string ¶ms) {
|
||||
query_result += "FROM " + params + " ";
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *MysqlQueryBuilder::insert(const std::string &table_name) {
|
||||
QueryBuilder *MysqlQueryBuilder::ninsert(const std::string &table_name) {
|
||||
query_result += "INSERT INTO " + table_name + " ";
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *MysqlQueryBuilder::values(const std::string ¶ms_str) {
|
||||
QueryBuilder *MysqlQueryBuilder::nvalues(const std::string ¶ms_str) {
|
||||
query_result += "VALUES(" + params_str + ") ";
|
||||
|
||||
return this;
|
||||
|
@ -18,11 +18,11 @@ public:
|
||||
QueryBuilder *values();
|
||||
QueryBuilder *cvalues();
|
||||
|
||||
QueryBuilder *select(const std::string ¶ms);
|
||||
QueryBuilder *where(const std::string ¶ms);
|
||||
QueryBuilder *from(const std::string ¶ms);
|
||||
QueryBuilder *insert(const std::string &table_name);
|
||||
QueryBuilder *values(const std::string ¶ms_str);
|
||||
QueryBuilder *nselect(const std::string ¶ms);
|
||||
QueryBuilder *nwhere(const std::string ¶ms);
|
||||
QueryBuilder *nfrom(const std::string ¶ms);
|
||||
QueryBuilder *ninsert(const std::string &table_name);
|
||||
QueryBuilder *nvalues(const std::string ¶ms_str);
|
||||
|
||||
QueryBuilder *limit(const int num);
|
||||
QueryBuilder *offset(const int num);
|
||||
|
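Review bot: The renamed declarations `nselect` through `nvalues` carry neither `virtual` nor `override`, so a signature that does not match a base virtual silently becomes a new, non-dispatched method — which is what happens to `ninsert` here, since the QueryBuilder header in this commit declares no `ninsert`. Writing them as `QueryBuilder *nselect(const std::string &params) override;` (and likewise for the other four) turns that mismatch into a compile error; the same applies to the SQLite3QueryBuilder header section below.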
@ -65,29 +65,29 @@ QueryBuilder *SQLite3QueryBuilder::like() {
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *SQLite3QueryBuilder::select(const std::string ¶ms) {
|
||||
QueryBuilder *SQLite3QueryBuilder::nselect(const std::string ¶ms) {
|
||||
query_result += "SELECT " + params + " ";
|
||||
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *SQLite3QueryBuilder::update(const std::string ¶ms) {
|
||||
QueryBuilder *SQLite3QueryBuilder::nupdate(const std::string ¶ms) {
|
||||
query_result += "UPDATE " + params + " ";
|
||||
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *SQLite3QueryBuilder::del(const std::string ¶ms) {
|
||||
QueryBuilder *SQLite3QueryBuilder::ndel(const std::string ¶ms) {
|
||||
query_result += "DELETE FROM " + params + " ";
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *SQLite3QueryBuilder::where(const std::string ¶ms) {
|
||||
QueryBuilder *SQLite3QueryBuilder::nwhere(const std::string ¶ms) {
|
||||
query_result += "WHERE " + params + " ";
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *SQLite3QueryBuilder::from(const std::string ¶ms) {
|
||||
QueryBuilder *SQLite3QueryBuilder::nfrom(const std::string ¶ms) {
|
||||
query_result += "FROM " + params + " ";
|
||||
|
||||
return this;
|
||||
@ -103,7 +103,7 @@ QueryBuilder *SQLite3QueryBuilder::insert(const std::string &table_name, const s
|
||||
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *SQLite3QueryBuilder::values(const std::string ¶ms_str) {
|
||||
QueryBuilder *SQLite3QueryBuilder::nvalues(const std::string ¶ms_str) {
|
||||
query_result += "VALUES(" + params_str + ") ";
|
||||
|
||||
return this;
|
||||
@ -115,7 +115,7 @@ QueryBuilder *SQLite3QueryBuilder::val() {
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *SQLite3QueryBuilder::val(const std::string ¶m) {
|
||||
QueryBuilder *SQLite3QueryBuilder::nval(const std::string ¶m) {
|
||||
query_result += "'" + param + "', ";
|
||||
|
||||
return this;
|
||||
@ -145,7 +145,7 @@ QueryBuilder *SQLite3QueryBuilder::val(const bool param) {
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *SQLite3QueryBuilder::like(const std::string &str) {
|
||||
QueryBuilder *SQLite3QueryBuilder::nlike(const std::string &str) {
|
||||
query_result += "LIKE '" + str + "' ";
|
||||
|
||||
return this;
|
||||
@ -161,7 +161,7 @@ QueryBuilder *SQLite3QueryBuilder::cset() {
|
||||
|
||||
return this;
|
||||
}
|
||||
QueryBuilder *SQLite3QueryBuilder::setp(const std::string &col, const std::string ¶m) {
|
||||
QueryBuilder *SQLite3QueryBuilder::nsetp(const std::string &col, const std::string ¶m) {
|
||||
query_result += col + "='" + param + "', ";
|
||||
|
||||
return this;
|
||||
@ -189,7 +189,7 @@ QueryBuilder *SQLite3QueryBuilder::setp(const std::string &col, const bool param
|
||||
return this;
|
||||
}
|
||||
|
||||
QueryBuilder *SQLite3QueryBuilder::wp(const std::string &col, const std::string ¶m) {
|
||||
QueryBuilder *SQLite3QueryBuilder::nwp(const std::string &col, const std::string ¶m) {
|
||||
query_result += col + "='" + param + "' ";
|
||||
|
||||
return this;
|
||||
|
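Review bot: `nlike` builds `"LIKE '" + str + "' "`, and whatever `escape()` (not shown in this commit) does with quotes in `str`, the LIKE metacharacters `%` and `_` presumably pass through and are still interpreted by the engine, so callers that feed user input into `like()` — UserModel's `is_username_taken` and `is_email_taken` in this commit — get pattern matching rather than equality. Worth recording above the definition: `// str arrives quote-escaped from like(); LIKE wildcards (% and _) in it are still interpreted by SQLite.` Where an exact comparison is intended, `nwp` (`col + "='" + param + "' "`) is the right building block.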
@ -25,31 +25,31 @@ public:
|
||||
|
||||
QueryBuilder *like();
|
||||
|
||||
QueryBuilder *select(const std::string ¶ms);
|
||||
QueryBuilder *update(const std::string ¶ms);
|
||||
QueryBuilder *del(const std::string ¶ms);
|
||||
QueryBuilder *nselect(const std::string ¶ms);
|
||||
QueryBuilder *nupdate(const std::string ¶ms);
|
||||
QueryBuilder *ndel(const std::string ¶ms);
|
||||
|
||||
QueryBuilder *where(const std::string ¶ms);
|
||||
QueryBuilder *from(const std::string ¶ms);
|
||||
QueryBuilder *nwhere(const std::string ¶ms);
|
||||
QueryBuilder *nfrom(const std::string ¶ms);
|
||||
QueryBuilder *insert(const std::string &table_name);
|
||||
QueryBuilder *insert(const std::string &table_name, const std::string &columns);
|
||||
QueryBuilder *values(const std::string ¶ms_str);
|
||||
QueryBuilder *nvalues(const std::string ¶ms_str);
|
||||
QueryBuilder *val();
|
||||
QueryBuilder *val(const std::string ¶m);
|
||||
QueryBuilder *nval(const std::string ¶m);
|
||||
QueryBuilder *val(const char *param);
|
||||
QueryBuilder *val(const int param);
|
||||
QueryBuilder *val(const bool param);
|
||||
|
||||
QueryBuilder *like(const std::string &str);
|
||||
QueryBuilder *nlike(const std::string &str);
|
||||
|
||||
QueryBuilder *set();
|
||||
QueryBuilder *cset();
|
||||
QueryBuilder *setp(const std::string &col, const std::string ¶m);
|
||||
QueryBuilder *nsetp(const std::string &col, const std::string ¶m);
|
||||
QueryBuilder *setp(const std::string &col, const char *param);
|
||||
QueryBuilder *setp(const std::string &col, const int param);
|
||||
QueryBuilder *setp(const std::string &col, const bool param);
|
||||
|
||||
QueryBuilder *wp(const std::string &col, const std::string ¶m);
|
||||
QueryBuilder *nwp(const std::string &col, const std::string ¶m);
|
||||
QueryBuilder *wp(const std::string &col, const char *param);
|
||||
QueryBuilder *wp(const std::string &col, const int param);
|
||||
QueryBuilder *wp(const std::string &col, const bool param);
|
||||
|
@ -58,7 +58,7 @@ void RBACModel::save_rank(const Ref<RBACRank> &rank) {
|
||||
|
||||
if (rank->id == 0) {
|
||||
qb->insert(RBAC_RANK_TABLE, "name,name_internal,settings,rank_permissions")->values();
|
||||
qb->eval(rank->name)->eval(rank->name_internal)->eval(rank->settings)->val(rank->rank_permissions);
|
||||
qb->val(rank->name)->val(rank->name_internal)->val(rank->settings)->val(rank->rank_permissions);
|
||||
qb->cvalues();
|
||||
qb->select_last_insert_id();
|
||||
Ref<QueryResult> res = qb->run();
|
||||
@ -69,9 +69,9 @@ void RBACModel::save_rank(const Ref<RBACRank> &rank) {
|
||||
r->id = res->get_last_insert_rowid();
|
||||
} else {
|
||||
qb->update(RBAC_RANK_TABLE)->set();
|
||||
qb->esetp("name", rank->name);
|
||||
qb->esetp("name_internal", rank->name_internal);
|
||||
qb->esetp("settings", rank->settings);
|
||||
qb->setp("name", rank->name);
|
||||
qb->setp("name_internal", rank->name_internal);
|
||||
qb->setp("settings", rank->settings);
|
||||
qb->setp("rank_permissions", rank->rank_permissions);
|
||||
qb->cset();
|
||||
qb->where()->wp("id", rank->id);
|
||||
|
@ -54,7 +54,7 @@ Ref<User> UserModel::get_user(const std::string &user_name_input) {
|
||||
|
||||
b->select("id, email, rank, pre_salt, post_salt, password_hash, banned, password_reset_token, locked");
|
||||
b->from(_table_name);
|
||||
b->where()->ewp("username", user_name_input);
|
||||
b->where()->wp("username", user_name_input);
|
||||
b->end_command();
|
||||
|
||||
Ref<QueryResult> r = b->run();
|
||||
@ -87,8 +87,8 @@ void UserModel::save_user(Ref<User> &user) {
|
||||
b->insert(_table_name, "username, email, rank, pre_salt, post_salt, password_hash, banned, password_reset_token, locked");
|
||||
|
||||
b->values();
|
||||
b->eval(user->name_user_input);
|
||||
b->eval(user->email_user_input);
|
||||
b->val(user->name_user_input);
|
||||
b->val(user->email_user_input);
|
||||
b->val(user->rank);
|
||||
b->val(user->pre_salt);
|
||||
b->val(user->post_salt);
|
||||
@ -107,8 +107,8 @@ void UserModel::save_user(Ref<User> &user) {
|
||||
} else {
|
||||
b->update(_table_name);
|
||||
b->set();
|
||||
b->esetp("username", user->name_user_input);
|
||||
b->esetp("email", user->email_user_input);
|
||||
b->setp("username", user->name_user_input);
|
||||
b->setp("email", user->email_user_input);
|
||||
b->setp("rank", user->rank);
|
||||
b->setp("pre_salt", user->pre_salt);
|
||||
b->setp("post_salt", user->post_salt);
|
||||
@ -161,7 +161,7 @@ std::vector<Ref<User> > UserModel::get_all() {
|
||||
bool UserModel::is_username_taken(const std::string &user_name_input) {
|
||||
Ref<QueryBuilder> b = DatabaseManager::get_singleton()->ddb->get_query_builder();
|
||||
|
||||
b->select("id")->from(_table_name)->where("username")->elike(user_name_input)->end_command();
|
||||
b->select("id")->from(_table_name)->where("username")->like(user_name_input)->end_command();
|
||||
|
||||
Ref<QueryResult> r = b->run();
|
||||
|
||||
@ -170,7 +170,7 @@ bool UserModel::is_username_taken(const std::string &user_name_input) {
|
||||
bool UserModel::is_email_taken(const std::string &email_input) {
|
||||
Ref<QueryBuilder> b = DatabaseManager::get_singleton()->ddb->get_query_builder();
|
||||
|
||||
b->select("id")->from(_table_name)->where("username")->elike(email_input)->end_command();
|
||||
b->select("id")->from(_table_name)->where("username")->like(email_input)->end_command();
|
||||
|
||||
Ref<QueryResult> r = b->run();
|
||||
|
||||
|
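Review bot: `is_email_taken` still filters on the `username` column (`where("username")->like(email_input)`) although it receives an email and the table has an `email` column (see the insert column list in `save_user`); the commit only swaps `elike` for `like` on that line, so the check should read `b->select("id")->from(_table_name)->where("email")->like(email_input)->end_command();`. Both taken-checks also pass user input into a LIKE pattern, so a `%` or `_` in the input widens the match unless `escape()` (not shown here) neutralises them; `get_user` in the same file uses `where()->wp("username", user_name_input)`, and the same equality form would make these checks exact, unless LIKE was chosen deliberately for case-insensitive matching, in which case a comment saying so would help.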