Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat: Add support for parameterized SQL queries with argument escaping #221

Merged
merged 3 commits into from
Jan 24, 2025
Merged

Feat: Add support for parameterized SQL queries with argument escaping #221

merged 3 commits into from
Jan 24, 2025

Conversation

iThorgrim
Copy link

@iThorgrim iThorgrim commented Jan 22, 2025
edited
Loading

This pull request introduces a new feature to Eluna, enabling parameterized SQL queries with proper handling of arguments passed from Lua.

Key Changes:

  1. Parameterized Query Support:
    • Allows flexible execution of SQL queries with placeholders (?).
    • Automatically replaces placeholders with arguments provided in Lua, ensuring correct formatting.
  2. Escaping Strings:
    • Properly escapes single quotes (') in string arguments to prevent SQL syntax errors.
    • Handles cases like strings containing special characters (e.g., "Rhahk'Zor" is safely transformed into 'Rhahk''Zor').
  3. Optional Usage:
    • This feature is optional, and developers can still write and execute raw SQL queries without using parameterized placeholders if they prefer.

Test performed :

Lua Script:

-- Function to print query results
local function PrintQueryResult(query_nbr, query)
    if query then
        repeat
            local name = query:GetString(0)
            print(query_nbr, "Creature Name: ", name)
        until not query:NextRow()
    else
        print("No results found.")
    end
end

-- Test with a single argument
local result1 = WorldDBQuery("SELECT `name` FROM `creature_template` WHERE name = ?", "Hogger")

-- Test with a single argument containing an apostrophe
local result2 = WorldDBQuery("SELECT `name` FROM `creature_template` WHERE name = ?", "Rhahk'Zor")

-- Test with multiple arguments
local result3 = WorldDBQuery("SELECT `name` FROM `creature_template` WHERE name = ? AND entry = ?", "Hogger", 448)

-- Test with multiple arguments, including an apostrophe
local result4 = WorldDBQuery("SELECT `name` FROM `creature_template` WHERE name = ? AND entry = ?", "Rhahk'Zor", 644)

Results:
image

@55Honey 55Honey merged commit a5b2182 into azerothcore:master Jan 24, 2025
2 checks passed
@iThorgrim iThorgrim deleted the ParameterizedSQL branch January 24, 2025 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@55Honey 55Honey 55Honey approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@iThorgrim @55Honey