diff --git a/src/game/CharacterHandler.cpp b/src/game/CharacterHandler.cpp
index 33d27943c..6df711e62 100644
--- a/src/game/CharacterHandler.cpp
+++ b/src/game/CharacterHandler.cpp
@@ -715,8 +715,15 @@ void WorldSession::HandlePlayerLogin(LoginQueryHolder *holder)
 pCurrChar->SendInitialPacketsAfterAddToMap();
- CharacterDatabase.PExecute("UPDATE characters SET online = 1 WHERE guid = '%u'", pCurrChar->GetGUIDLow());
- LoginDatabase.PExecute("UPDATE account SET active_realm_id = %u WHERE id = '%u'", realmID, GetAccountId());
+ static SqlStatementID updChars;
+ static SqlStatementID updAccount;
+
+ SqlStatement stmt = CharacterDatabase.CreateStatement(updChars, "UPDATE characters SET online = 1 WHERE guid = ?");
+ stmt.PExecute(pCurrChar->GetGUIDLow());
+
+ stmt = LoginDatabase.CreateStatement(updAccount, "UPDATE account SET active_realm_id = ? WHERE id = ?");
+ stmt.PExecute(realmID, GetAccountId());
+
 pCurrChar->SetInGameTime( WorldTimer::getMSTime() );
 // announce group about member online (must be after add to player list to receive announce to self)
diff --git a/src/game/Corpse.cpp b/src/game/Corpse.cpp
index 73b39180f..e92bf9820 100644
--- a/src/game/Corpse.cpp
+++ b/src/game/Corpse.cpp
@@ -143,7 +143,10 @@ void Corpse::DeleteFromDB()
 MANGOS_ASSERT(GetType() != CORPSE_BONES);
 // all corpses (not bones)
- CharacterDatabase.PExecute("DELETE FROM corpse WHERE player = '%u' AND corpse_type <> '0'", GetOwnerGuid().GetCounter());
+ static SqlStatementID id;
+
+ SqlStatement stmt = CharacterDatabase.CreateStatement(id, "DELETE FROM corpse WHERE player = ? AND corpse_type <> '0'");
+ stmt.PExecute(GetOwnerGuid().GetCounter());
 }
 bool Corpse::LoadFromDB(uint32 lowguid, Field *fields)
diff --git a/src/game/Pet.cpp b/src/game/Pet.cpp
index 332bf0447..4f52fdc08 100644
--- a/src/game/Pet.cpp
+++ b/src/game/Pet.cpp
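Review bot: The function-local `static SqlStatementID updChars` and `updAccount` added to HandlePlayerLogin are shared by every session, and the hunk does not show whether `CreateStatement` fills in an ID safely when two threads reach first use at the same time. The same pattern is added in the Corpse, Pet, World, WorldSession and WorldSocket hunks, and the WorldSocket one sits next to a context comment about the socket's threading assumptions. A comment at the first declaration would record the expectation, for example `// SqlStatementID is assigned on first CreateStatement(); the database layer must serialise that`, to be confirmed against the statement implementation. HandlePlayerLogin starts and continues outside the hunk.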
@@ -234,10 +234,16 @@ bool Pet::LoadPetFromDB( Player* owner, uint32 petentry, uint32 petnumber, bool
 if (fields[7].GetUInt32() != 0) {
 CharacterDatabase.BeginTransaction();
- CharacterDatabase.PExecute("UPDATE character_pet SET slot = '%u' WHERE owner = '%u' AND slot = '%u' AND id <> '%u'",
- PET_SAVE_NOT_IN_SLOT, ownerid, PET_SAVE_AS_CURRENT, m_charmInfo->GetPetNumber());
- CharacterDatabase.PExecute("UPDATE character_pet SET slot = '%u' WHERE owner = '%u' AND id = '%u'",
- PET_SAVE_AS_CURRENT, ownerid, m_charmInfo->GetPetNumber());
+
+ static SqlStatementID id_1;
+ static SqlStatementID id_2;
+
+ SqlStatement stmt = CharacterDatabase.CreateStatement(id_1, "UPDATE character_pet SET slot = ? WHERE owner = ? AND slot = ? AND id <> ?");
+ stmt.PExecute(uint32(PET_SAVE_NOT_IN_SLOT), ownerid, uint32(PET_SAVE_AS_CURRENT), m_charmInfo->GetPetNumber());
+
+ stmt = CharacterDatabase.CreateStatement(id_2, "UPDATE character_pet SET slot = ? WHERE owner = ? AND id = ?");
+ stmt.PExecute(uint32(PET_SAVE_AS_CURRENT), ownerid, m_charmInfo->GetPetNumber());
+
 CharacterDatabase.CommitTransaction();
 }
diff --git a/src/game/World.cpp b/src/game/World.cpp
index 04e0820a6..8dbf53ace 100644
--- a/src/game/World.cpp
+++ b/src/game/World.cpp
@@ -266,7 +266,12 @@ World::AddSession_ (WorldSession* s)
 float popu = float(GetActiveSessionCount()); // updated number of users on the server
 popu /= pLimit;
 popu *= 2;
- LoginDatabase.PExecute ("UPDATE realmlist SET population = '%f' WHERE id = '%u'", popu, realmID);
+
+ static SqlStatementID id;
+
+ SqlStatement stmt = LoginDatabase.CreateStatement(id, "UPDATE realmlist SET population = ? WHERE id = ?");
+ stmt.PExecute(popu, realmID);
+
 DETAIL_LOG("Server Population (%f).", popu);
 }
 }
diff --git a/src/game/WorldSession.cpp b/src/game/WorldSession.cpp
index 2db93f4b4..fe64dc6ea 100644
--- a/src/game/WorldSession.cpp
+++ b/src/game/WorldSession.cpp
@@ -421,7 +421,10 @@ void WorldSession::LogoutPlayer(bool Save)
 ///- Reset the online field in the account table
 // no point resetting online in character table here as Player::SaveToDB() will set it to 1 since player has not been removed from world at this stage
 // No SQL injection as AccountID is uint32
- LoginDatabase.PExecute("UPDATE account SET active_realm_id = 0 WHERE id = '%u'", GetAccountId());
+ static SqlStatementID id;
+
+ SqlStatement stmt = LoginDatabase.CreateStatement(id, "UPDATE account SET active_realm_id = ? WHERE id = ?");
+ stmt.PExecute(uint32(0), GetAccountId());
 ///- If the player is in a guild, update the guild roster and broadcast a logout message to other guild members
 if (Guild *guild = sObjectMgr.GetGuildById(_player->GetGuildId()))
@@ -495,8 +498,12 @@ void WorldSession::LogoutPlayer(bool Save)
 ///- Since each account can only have one online character at any given time, ensure all characters for active account are marked as offline
 //No SQL injection as AccountId is uint32
- CharacterDatabase.PExecute("UPDATE characters SET online = 0 WHERE account = '%u'",
- GetAccountId());
+
+ static SqlStatementID updChars;
+
+ stmt = CharacterDatabase.CreateStatement(updChars, "UPDATE characters SET online = 0 WHERE account = ?");
+ stmt.PExecute(GetAccountId());
+
 DEBUG_LOG( "SESSION: Sent SMSG_LOGOUT_COMPLETE Message" );
 }
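Review bot: In the second LogoutPlayer hunk, `stmt = CharacterDatabase.CreateStatement(updChars, ...)` reuses the `SqlStatement stmt` declared about seventy lines earlier in the first hunk, where it was created from LoginDatabase. The character update therefore only compiles while both sites stay in one scope, and the reader has to look far back to find the declaration. A separate local would read more clearly, e.g. `SqlStatement charStmt = CharacterDatabase.CreateStatement(updChars, "UPDATE characters SET online = 0 WHERE account = ?");` followed by `charStmt.PExecute(GetAccountId());`. The kept context comments `No SQL injection as AccountID is uint32` could also say that the value is now bound as a statement parameter. LogoutPlayer's body extends beyond both hunks.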
@@ -675,11 +682,17 @@ void WorldSession::SetAccountData(AccountDataType type, time_t time_, std::strin
 {
 uint32 acc = GetAccountId();
+ static SqlStatementID delId;
+ static SqlStatementID insId;
+
 CharacterDatabase.BeginTransaction ();
- CharacterDatabase.PExecute("DELETE FROM account_data WHERE account='%u' AND type='%u'", acc, type);
- std::string safe_data = data;
- CharacterDatabase.escape_string(safe_data);
- CharacterDatabase.PExecute("INSERT INTO account_data VALUES ('%u','%u','" UI64FMTD "','%s')", acc, type, uint64(time_), safe_data.c_str());
+
+ SqlStatement stmt = CharacterDatabase.CreateStatement(delId, "DELETE FROM account_data WHERE account=? AND type=?");
+ stmt.PExecute(acc, uint32(type));
+
+ stmt = CharacterDatabase.CreateStatement(insId, "INSERT INTO account_data VALUES (?,?,?,?)");
+ stmt.PExecute(acc, uint32(type), uint64(time_), data.c_str());
+
 CharacterDatabase.CommitTransaction ();
 }
 else
@@ -688,11 +701,17 @@ void WorldSession::SetAccountData(AccountDataType type, time_t time_, std::strin
 if(!m_GUIDLow) return;
+ static SqlStatementID delId;
+ static SqlStatementID insId;
+
 CharacterDatabase.BeginTransaction ();
- CharacterDatabase.PExecute("DELETE FROM character_account_data WHERE guid='%u' AND type='%u'", m_GUIDLow, type);
- std::string safe_data = data;
- CharacterDatabase.escape_string(safe_data);
- CharacterDatabase.PExecute("INSERT INTO character_account_data VALUES ('%u','%u','" UI64FMTD "','%s')", m_GUIDLow, type, uint64(time_), safe_data.c_str());
+
+ SqlStatement stmt = CharacterDatabase.CreateStatement(delId, "DELETE FROM character_account_data WHERE guid=? AND type=?");
+ stmt.PExecute(m_GUIDLow, uint32(type));
+
+ stmt = CharacterDatabase.CreateStatement(insId, "INSERT INTO character_account_data VALUES (?,?,?,?)");
+ stmt.PExecute(m_GUIDLow, uint32(type), uint64(time_), data.c_str());
+
 CharacterDatabase.CommitTransaction ();
 }
diff --git a/src/game/WorldSocket.cpp b/src/game/WorldSocket.cpp
index 667b0397c..a39cb2632 100644
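Review bot: With `escape_string` removed, `data` now reaches the database only through `stmt.PExecute(..., data.c_str())` in both branches of SetAccountData, so protection against injection rests entirely on SqlStatement binding the value rather than substituting it into the query text. That binding is not visible in this diff; if the database layer has a path that expands `?` placeholders into a plain query string, it must escape string arguments there. Passing `data.c_str()` also stops at the first NUL byte, as the old `%s` did, and a comment such as `// data is bound as a NUL-terminated string; anything after an embedded NUL is dropped` would make that limit explicit. The function starts outside both hunks.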
--- a/src/game/WorldSocket.cpp
+++ b/src/game/WorldSocket.cpp
@@ -930,13 +930,10 @@ int WorldSocket::HandleAuthSession (WorldPacket& recvPacket)
 // Update the last_ip in the database
 // No SQL injection, username escaped.
- LoginDatabase.escape_string (address);
+ static SqlStatementID updAccount;
- LoginDatabase.PExecute ("UPDATE account "
- "SET last_ip = '%s' "
- "WHERE username = '%s'",
- address.c_str (),
- safe_account.c_str ());
+ SqlStatement stmt = LoginDatabase.CreateStatement(updAccount, "UPDATE account SET last_ip = ? WHERE username = ?");
+ stmt.PExecute(address.c_str(), account.c_str());
 // NOTE ATM the socket is single-threaded, have this in mind ...
 ACE_NEW_RETURN (m_Session, WorldSession (id, this, AccountTypes(security), expansion, mutetime, locale), -1);
diff --git a/src/shared/revision_nr.h b/src/shared/revision_nr.h
index d45543772..2b28ba9f6 100644
--- a/src/shared/revision_nr.h
+++ b/src/shared/revision_nr.h
@@ -1,4 +1,4 @@
 #ifndef __REVISION_NR_H__
 #define __REVISION_NR_H__
- #define REVISION_NR "11316"
+ #define REVISION_NR "11317"
 #endif // __REVISION_NR_H__
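Review bot: The context comment `// No SQL injection, username escaped.` in the HandleAuthSession hunk no longer describes the code beneath it, because the update now passes the raw `account` and an unescaped `address` to `stmt.PExecute` instead of `safe_account` and the escaped address. It should be replaced with something like `// last_ip and username are bound as statement parameters, not formatted into the query`, so a later reader does not assume escaping still happens here. Both arguments are passed as `c_str()` pointers into local strings; if PExecute can queue the statement for later execution, confirm that it copies them. HandleAuthSession starts and continues outside the hunk, so whether `safe_account` is still needed by other queries cannot be judged from here.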