AstralTransRocketries/MCGalaxy
1
0
Fork 0
mirror of https://github.com/ClassiCube/MCGalaxy.git synced 2025-09-18 11:48:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

More Execute instead of executeQuery and Fill instead of fillData for Database. calls.

Browse Source
This commit is contained in:
UnknownShadow200 2016-07-26 16:53:35 +10:00
parent 06de285989
commit a6597f8dfd
8 changed files with 28 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Blocks/Behaviour/WalkthroughBehaviour.cs
View File

@ -38,8 +38,8 @@ namespace MCGalaxy.BlockBehaviour {
p.RevertBlock(x, y, z);
try {
//safe against SQL injections because no user input is given here
DataTable Portals = Database.fillData("SELECT * FROM `Portals" + p.level.name +
"` WHERE EntryX=" + x + " AND EntryY=" + y + " AND EntryZ=" + z);
DataTable Portals = Database.Fill("SELECT * FROM `Portals" + p.level.name +
"` WHERE EntryX=@0 AND EntryY=@1 AND EntryZ=@2", x, y, z);
int last = Portals.Rows.Count - 1;
if (last == -1) { Portals.Dispose(); return true; }
byte rotX = p.rot[0], rotY = p.rot[1];
@ -75,8 +75,8 @@ namespace MCGalaxy.BlockBehaviour {
p.RevertBlock(x, y, z);
try {
//safe against SQL injections because no user input is given here
DataTable Messages = Database.fillData("SELECT * FROM `Messages" + p.level.name +
"` WHERE X=" + x + " AND Y=" + y + " AND Z=" + z);
DataTable Messages = Database.Fill("SELECT * FROM `Messages" + p.level.name +
"` WHERE X=@0 AND Y=@1 AND Z=@2", x, y, z);
int last = Messages.Rows.Count - 1;
if (last == -1) { Messages.Dispose(); return true; }
string message = Messages.Rows[last]["Message"].ToString().Trim();

4
Commands/Chat/CmdInbox.cs
View File

@ -37,7 +37,7 @@ namespace MCGalaxy.Commands {
if (message == "") {
//safe against SQL injections because no user input is given here
using (DataTable Inbox = Database.fillData("SELECT * FROM `Inbox" + p.name + "` ORDER BY TimeSent")) {
using (DataTable Inbox = Database.Fill("SELECT * FROM `Inbox" + p.name + "` ORDER BY TimeSent")) {
if (Inbox.Rows.Count == 0) { Player.Message(p, "No messages found."); return; }
int i = 0;
foreach (DataRow row in Inbox.Rows) {
@ -85,7 +85,7 @@ namespace MCGalaxy.Commands {
if (num < 0) { Player.Message(p, "Message number must be greater than or equal to 0."); return; }
//safe against SQL injections because no user input is given here
using (DataTable Inbox = Database.fillData("SELECT * FROM `Inbox" + p.name + "` ORDER BY TimeSent")) {
using (DataTable Inbox = Database.Fill("SELECT * FROM `Inbox" + p.name + "` ORDER BY TimeSent")) {
if (num >= Inbox.Rows.Count) {
Player.Message(p, "Message number \"" + num + "\" does not exist."); Inbox.Dispose(); return;
}

3
Commands/Information/CmdAbout.cs
View File

@ -50,7 +50,8 @@ namespace MCGalaxy.Commands {
bool foundOne = false;
//safe against SQL injections because no user input is given here
DataTable Blocks = Database.fillData("SELECT * FROM `Block" + p.level.name + "` WHERE X=" + (int)x + " AND Y=" + (int)y + " AND Z=" + (int)z);
DataTable Blocks = Database.Fill("SELECT * FROM `Block" + p.level.name +
"` WHERE X=@0 AND Y=@1 AND Z=@2", x, y, z);
for (int i = 0; i < Blocks.Rows.Count; i++) {
foundOne = true;
DataRow row = Blocks.Rows[i];

15
Commands/building/CmdMessageBlock.cs
View File

@ -106,16 +106,13 @@ namespace MCGalaxy.Commands.Building {
cpos.message = cpos.message.Replace("'", "\\'");
cpos.message = Colors.EscapeColors(cpos.message);
//safe against SQL injections because no user input is given here
ParameterisedQuery query = ParameterisedQuery.Create();
DataTable Messages = Database.fillData(query, "SELECT * FROM `Messages" + p.level.name + "` WHERE X=" + x + " AND Y=" + y + " AND Z=" + z);
query.AddParam("@Message", cpos.message);
if (Messages.Rows.Count == 0)
Database.executeQuery(query, "INSERT INTO `Messages" + p.level.name + "` (X, Y, Z, Message) VALUES (" + x + ", " + y + ", " + z + ", @Message)");
else
Database.executeQuery(query, "UPDATE `Messages" + p.level.name + "` SET Message=@Message WHERE X=" + x + " AND Y=" + y + " AND Z=" + z);
DataTable Messages = Database.Fill("SELECT * FROM `Messages" + p.level.name + "` WHERE X=@0 AND Y=@1 AND Z=@2", x, y, z);
Messages.Dispose();
string syntax = Messages.Rows.Count == 0 ?
"INSERT INTO `Messages" + p.level.name + "` (X, Y, Z, Message) VALUES (@0, @1, @2, @3)"
: "UPDATE `Messages" + p.level.name + "` SET X=@0, Y=@1, Z=@2, Message=@3";
Database.Execute(syntax, x, y, z, cpos.message);
}
struct CatchPos { public string message; public byte type; }

19
Commands/building/CmdPortal.cs
View File

@ -91,17 +91,14 @@ namespace MCGalaxy.Commands.Building {
foreach (PortalPos pos in bp.entries) {
//safe against SQL injections because no user input is given here
DataTable Portals = Database.fillData("SELECT * FROM `Portals" + pos.mapName + "` WHERE EntryX=" + (int)pos.x + " AND EntryY=" + (int)pos.y + " AND EntryZ=" + (int)pos.z);
DataTable Portals = Database.Fill("SELECT * FROM `Portals" + pos.mapName +
"` WHERE EntryX=@0 AND EntryY=@1 AND EntryZ=@2", pos.x, pos.y, pos.z);
Portals.Dispose();
if (Portals.Rows.Count == 0) {//safe against SQL injections because no user input is given here
Database.executeQuery("INSERT INTO `Portals" + pos.mapName + "` (EntryX, EntryY, EntryZ, ExitMap, ExitX, ExitY, ExitZ) VALUES ("
+ (int)pos.x + ", " + (int)pos.y + ", " + (int)pos.z + ", '" + p.level.name + "', " + (int)x + ", " + (int)y + ", " + (int)z + ")");
} else {//safe against SQL injections because no user input is given here
Database.executeQuery("UPDATE `Portals" + pos.mapName + "` SET ExitMap='" + p.level.name + "', ExitX=" + (int)x + ", ExitY=" + (int)y + ", ExitZ=" +
(int)z + " WHERE EntryX=" + (int)pos.x + " AND EntryY=" + (int)pos.y + " AND EntryZ=" + (int)pos.z);
}
//DB
string syntax = Portals.Rows.Count == 0 ?
"INSERT INTO `Portals" + pos.mapName + "` (EntryX, EntryY, EntryZ, ExitX, ExitY, ExitZ, ExitMap) VALUES (@0, @1, @2, @3, @4, @5, @6)"
: "UPDATE `Portals" + pos.mapName + "` SET ExitMap=@6, ExitX=@3, ExitY=@4, ExitZ=@5 WHERE EntryX=@0 AND EntryY=@1 AND EntryZ=@2";
Database.Execute(syntax, pos.x, pos.y, pos.z, x, y, z, p.level.name);
if (pos.mapName == p.level.name)
p.SendBlockchange(pos.x, pos.y, pos.z, bp.type);
@ -120,7 +117,7 @@ namespace MCGalaxy.Commands.Building {
void ShowPortals(Player p) {
p.showPortals = !p.showPortals;
//safe against SQL injections because no user input is given here
DataTable Portals = Database.fillData("SELECT * FROM `Portals" + p.level.name + "`");
DataTable Portals = Database.Fill("SELECT * FROM `Portals" + p.level.name + "`");
if (p.showPortals) {
foreach (DataRow row in Portals.Rows) {

4
Database/Database.cs
View File

@ -56,13 +56,13 @@ namespace MCGalaxy.SQL {
}
[Obsolete("Use Fill() method instead.")]
public static DataTable fillData(string queryString) {
public static DataTable fillData(string queryString, bool skipError = false) {
ParameterisedQuery query = Server.useMySQL ? MySQL.query : SQLite.query;
return Fill(query, queryString, null);
}
[Obsolete("Use Fill() method instead.")]
public static DataTable fillData(ParameterisedQuery query, string queryString) {
public static DataTable fillData(ParameterisedQuery query, string queryString, bool skipError = false) {
return Fill(query, queryString, null);
}

8
Economy/Economy.cs
View File

@ -113,11 +113,9 @@ namespace MCGalaxy {
}
public static EcoStats RetrieveEcoStats(string playername) {
EcoStats es;
EcoStats es = default(EcoStats);
es.playerName = playername;
ParameterisedQuery query = ParameterisedQuery.Create();
query.AddParam("@Name", playername);
using (DataTable eco = Database.fillData(query, "SELECT * FROM Economy WHERE player=@Name")) {
using (DataTable eco = Database.Fill("SELECT * FROM Economy WHERE player=@0", playername)) {
if (eco.Rows.Count >= 1) {
es.money = int.Parse(eco.Rows[0]["money"].ToString());
es.totalSpent = int.Parse(eco.Rows[0]["total"].ToString());
@ -126,8 +124,6 @@ namespace MCGalaxy {
es.salary = eco.Rows[0]["salary"].ToString();
es.fine = eco.Rows[0]["fine"].ToString();
} else {
es.money = 0;
es.totalSpent = 0;
es.purchase = "%cNone";
es.payment = "%cNone";
es.salary = "%cNone";

4
Levels/LevelDB.cs
View File

@ -158,8 +158,8 @@ namespace MCGalaxy {
}
public static void CreateZone(string level, Level.Zone zn) {
Database.Execute("INSERT INTO `Zone" + level + "` (Owner, SmallX, SmallY, SmallZ, " +
"BigX, BigY, BigZ, Owner) VALUES (@0, @1, @2, @3, @4, @5, @6)",
Database.Execute("INSERT INTO `Zone" + level + "` (Owner, SmallX, SmallY, " +
"SmallZ, BigX, BigY, BigZ) VALUES (@0, @1, @2, @3, @4, @5, @6)",
zn.Owner, zn.smallX, zn.smallY, zn.smallZ, zn.bigX, zn.bigY, zn.bigZ);
}