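/**
 * Load a player character by name, together with its objects and affects.
 *
 * The lookup runs inside a db_begin_transaction()/db_end_transaction() pair.
 * The name is passed through escape_sql_str() and embedded in a SELECT over
 * `character natural join player`.
 *
 * @param conn  connection handed to new_player(); conn->account is passed on
 *              to load_player_columns().
 * @param name  character name to look up.
 * @return the newly created Character, or 0 when the statement could not be
 *         built (name too long for the query buffer) or prepared.
 */
Character *load_player_by_name(Connection *conn, const char *name)
{
    char buf[400];
    sql_stmt *stmt;

    db_begin_transaction();

    /*
     * The name is caller-supplied and escaping can only make it longer, so
     * the write into the fixed-size buffer must be bounded. A truncated
     * statement is rejected rather than executed: cutting the text inside the
     * quoted literal would change what the query means.
     *
     * NOTE(review): the value is still spliced into the SQL text, so safety
     * depends entirely on escape_sql_str() matching the database's quoting
     * rules. If the sql_* wrapper offers bound parameters, prefer those.
     */
    int len = snprintf(buf, sizeof buf,
                       "select * from character natural join player where name='%s'",
                       escape_sql_str(name));

    if (len < 0 || (size_t) len >= sizeof buf) {
        log_data("player name too long for sql statement");
        db_end_transaction();
        return 0;
    }

    if (sql_query(buf, len, &stmt) != SQL_OK) {
        log_data("could not prepare sql statement");
        /* Pair the begin above so a failed lookup does not leave the
         * transaction open; nothing has been written at this point. */
        db_end_transaction();
        return 0;
    }

    Character *ch = new_char();
    ch->pc = new_player(conn);

    /*
     * NOTE(review): every result other than SQL_DONE is treated as "a row is
     * available". If sql_step() can also report errors, columns would be read
     * from a failed statement - confirm against the wrapper. When no row is
     * returned the caller still gets a freshly created character with nothing
     * loaded from the database.
     */
    if (sql_step(stmt) != SQL_DONE) {
        load_player_columns(conn->account, ch, stmt);
    }

    if (sql_finalize(stmt) != SQL_OK) {
        log_data("unable to finalize statement");
    }

    load_char_objs(ch);
    load_char_affects(ch);

    db_end_transaction();

    return ch;
}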
/*
 * Lua C function: takes exactly one string argument and returns it wrapped in
 * single quotes, with the escapes produced by escape_sql_str() applied.
 *
 * An empty string yields the two-character string ''. For any other input the
 * output size is computed up front from num_escape_sql_str(), a scratch
 * userdata of that size is allocated on the Lua stack, and the quoted text is
 * built there before being pushed as the result.
 *
 * Raises a Lua error when the argument count is not one, or when the number of
 * bytes written differs from the precomputed size.
 */
static int quote_sql_str(lua_State *L)
{
    size_t          src_len, out_len, extra;
    unsigned char  *in, *out, *cur;

    if (lua_gettop(L) != 1) {
        return luaL_error(L, "expecting one argument");
    }

    in = (unsigned char *) luaL_checklstring(L, 1, &src_len);

    /* Nothing to escape: the result is just the pair of quotes. */
    if (src_len == 0) {
        lua_pushlstring(L, "''", sizeof("''") - 1);
        return 1;
    }

    /* Extra bytes the escaping pass will add on top of the raw input. */
    extra = num_escape_sql_str(NULL, in, src_len);
    out_len = src_len + extra + (sizeof("''") - 1);

    /* The userdata serves only as a scratch buffer for building the result. */
    out = lua_newuserdata(L, out_len);
    cur = out;

    *cur++ = '\'';

    if (extra != 0) {
        cur = (unsigned char *) escape_sql_str(cur, in, src_len);
    } else {
        /* No character needs escaping, so a plain copy is enough. */
        memcpy(cur, in, src_len);
        cur += src_len;
    }

    *cur++ = '\'';

    /*
     * Consistency check between the counting pass and the writing pass. It
     * runs after the buffer has been filled, so it reports a mismatch but
     * cannot prevent one; the two helpers must agree on what gets escaped.
     */
    if (cur != out + out_len) {
        return luaL_error(L, "quote sql string error");
    }

    lua_pushlstring(L, (char *) out, cur - out);
    return 1;
}