sql sanitation

This commit is contained in:
2022-02-14 20:26:34 +05:30
parent f59a2c1b7f
commit 18b19f0695
3 changed files with 67 additions and 123 deletions


@@ -18,7 +18,7 @@ use tokio_postgres::Row;
pub async fn count(ctx: &Context, msg: &Message, args: Args) -> CommandResult { pub async fn count(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
let query: String = args.raw().collect::<Vec<&str>>().join(" "); let query: String = args.raw().collect::<Vec<&str>>().join(" ");
if query == "" { if query == "" {
msg.reply(ctx, "bruh kitna kya?").await?; msg.reply(ctx, "Count what?").await?;
return Ok(()); return Ok(());
} }
let data_read = ctx.data.read().await; let data_read = ctx.data.read().await;
@@ -29,23 +29,18 @@ pub async fn count(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
let id = msg.author.id.to_string(); let id = msg.author.id.to_string();
let mut query_helper = db let mut query_helper = db
.query( .query("SELECT name FROM words WHERE $1 ~ reg", &[&query])
format!("SELECT name FROM words WHERE '{}' ~ reg", query).as_str(),
&[],
)
.await?; .await?;
if query_helper.is_empty() { if query_helper.is_empty() {
query_helper = db query_helper = db
.query( .query("SELECT name FROM words WHERE name=$1", &[&query])
format!("SELECT name FROM words WHERE name='{}'", query).as_str(),
&[],
)
.await?; .await?;
if query_helper.is_empty() { if query_helper.is_empty() {
msg.reply( msg.reply(
ctx, ctx,
format!( format!(
"No entry for '{}' found. If you want to add it, run ',cadd {}&<regex>'", "No entry for '{}' found. If you want to add it, run `,cadd {}&<regex>`",
query, query query, query
), ),
) )
@@ -60,14 +55,18 @@ pub async fn count(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
}; };
for row in query_helper { for row in query_helper {
let name: &str = row.get(0); let name: &str = row.get(0);
let query_result: i32 = db let count_query = db
.query_one( .query(
format!("SELECT count FROM user{} WHERE name='{}'", id, name).as_str(), format!("SELECT count FROM user{} WHERE name=$1", id).as_str(),
&[], &[&name],
) )
.await? .await?;
.get(0); let query_result = if count_query.is_empty() {
reply = reply + &format!("\n{} count for you: {}", name, query_result); 0
} else {
count_query[0].get(0)
};
reply += &format!("\n{} count for you: {}", name, query_result);
} }
msg.reply(ctx, reply).await?; msg.reply(ctx, reply).await?;
Ok(()) Ok(())
@@ -92,10 +91,7 @@ pub async fn cadd(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.expect("Expected Database in TypeMap.") .expect("Expected Database in TypeMap.")
.clone(); .clone();
let check_existense = db let check_existense = db
.query( .query("SELECT name, reg FROM words WHERE name=$1", &[&queries[0]])
format!("SELECT name, reg FROM words WHERE name='{}'", queries[0]).as_str(),
&[],
)
.await?; .await?;
if check_existense.len() != 0 { if check_existense.len() != 0 {
let reg: String = check_existense[0].get(1); let reg: String = check_existense[0].get(1);
@@ -107,14 +103,12 @@ pub async fn cadd(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
return Ok(()); return Ok(());
} }
db.execute( db.execute(
format!( "INSERT INTO words(name, reg, owner) VALUES($1, $2, $3)",
"INSERT INTO words(name, reg, owner) VALUES('{}','(?i){}', '{}')", &[
queries[0], &queries[0],
queries[1], &("(?i)".to_string() + queries[1]),
msg.author.id.to_string() &msg.author.id.to_string(),
) ],
.as_str(),
&[],
) )
.await?; .await?;
msg.reply(ctx, "Added").await?; msg.reply(ctx, "Added").await?;
@@ -135,10 +129,7 @@ pub async fn cremove(ctx: &Context, msg: &Message, args: Args) -> CommandResult
.expect("Expected Database in TypeMap.") .expect("Expected Database in TypeMap.")
.clone(); .clone();
let owner = db let owner = db
.query( .query("SELECT owner FROM words WHERE name=$1", &[&query])
format!("SELECT owner FROM words WHERE name = '{}'", query).as_str(),
&[],
)
.await?; .await?;
if owner.len() == 1 { if owner.len() == 1 {
let owner_id: String = owner[0].get(0); let owner_id: String = owner[0].get(0);
@@ -147,11 +138,8 @@ pub async fn cremove(ctx: &Context, msg: &Message, args: Args) -> CommandResult
return Ok(()); return Ok(());
} }
} }
db.execute( db.execute("DELETE FROM words WHERE name=$1", &[&query])
format!("DELETE FROM words WHERE name='{}'", query,).as_str(), .await?;
&[],
)
.await?;
msg.reply(ctx, "Deleted if it existed").await?; msg.reply(ctx, "Deleted if it existed").await?;
Ok(()) Ok(())
} }
@@ -175,10 +163,7 @@ pub async fn cedit(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.expect("Expected Database in TypeMap.") .expect("Expected Database in TypeMap.")
.clone(); .clone();
let owner = db let owner = db
.query( .query("SELECT owner FROM words WHERE name=$1", &[&queries[0]])
format!("SELECT owner FROM words WHERE name = '{}'", queries[0]).as_str(),
&[],
)
.await?; .await?;
if owner.len() == 1 { if owner.len() == 1 {
let owner_id: String = owner[0].get(0); let owner_id: String = owner[0].get(0);
@@ -188,12 +173,8 @@ pub async fn cedit(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
} }
} }
db.execute( db.execute(
format!( "UPDATE words SET reg=$1 WHERE name=$2",
"UPDATE words SET reg='(?i){}' WHERE name='{}'", &[&("(?i)".to_string() + queries[1]), &queries[0]],
queries[1], queries[0]
)
.as_str(),
&[],
) )
.await?; .await?;
msg.reply(ctx, "Changed the value if it existed").await?; msg.reply(ctx, "Changed the value if it existed").await?;
@@ -255,7 +236,10 @@ pub async fn clist(ctx: &Context, msg: &Message, _: Args) -> CommandResult {
.expect("Expected Database in TypeMap.") .expect("Expected Database in TypeMap.")
.clone(); .clone();
let rows = db let rows = db
.query("SELECT ROW_NUMBER() OVER (ORDER BY id), name, owner FROM words", &[]) .query(
"SELECT ROW_NUMBER() OVER (ORDER BY id), name, owner FROM words",
&[],
)
.await?; .await?;
if rows.is_empty() { if rows.is_empty() {
msg.reply(ctx, "No words stored").await?; msg.reply(ctx, "No words stored").await?;
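Review bot: The cadd hunk now stores `"(?i)".to_string() + queries[1]` as the `reg` column without checking that it compiles, and the same pattern appears in the cedit hunk's UPDATE; the counting task in the third file does `Regex::new(row.get(1)).unwrap()` on every incoming message, so one malformed pattern in the table would panic that task until the row is removed (unless cadd validates earlier, outside this hunk). Before the execute I would add, with `regex::Regex` in scope, `if Regex::new(&format!("(?i){}", queries[1])).is_err() { msg.reply(ctx, "That is not a valid regex").await?; return Ok(()); }` and the equivalent guard in cedit. Separately, the count hunk still builds the table name with `format!("SELECT count FROM user{} WHERE name=$1", id)`; `id` is the author's snowflake rendered via `to_string()`, so this is not a quoting problem, but a one-line comment such as `// table name cannot be a bind parameter; id is a numeric user id` would stop the next reader from flagging it, and the same applies to the three `user{}` statements in the third file. The enclosing functions start outside these hunks.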


@@ -28,20 +28,13 @@ pub async fn tag(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.clone(); .clone();
let query_helper = db let query_helper = db
.query( .query("SELECT name, value FROM tags WHERE name=$1", &[&query])
format!("SELECT name, value FROM tags WHERE name='{}'", query).as_str(),
&[],
)
.await?; .await?;
if query_helper.is_empty() { if query_helper.is_empty() {
let leven = db let leven = db
.query( .query(
format!( "SELECT name FROM tags WHERE levenshtein(name, $1) < 2",
"SELECT name FROM tags WHERE levenshtein(name, '{}') < 2", &[&query],
query
)
.as_str(),
&[],
) )
.await?; .await?;
let l = if leven.is_empty() { let l = if leven.is_empty() {
@@ -84,20 +77,17 @@ pub async fn tadd(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.expect("Expected Database in TypeMap.") .expect("Expected Database in TypeMap.")
.clone(); .clone();
let check_existense = db let check_existense = db
.query( .query("SELECT name FROM tags WHERE name=$1", &[&queries[0]])
format!("SELECT name FROM tags WHERE name='{}'", queries[0]).as_str(),
&[],
)
.await?; .await?;
if check_existense.len() != 0 { if check_existense.len() != 0 {
msg.reply(ctx, format!("This tag already exists")).await?; msg.reply(ctx, format!("This tag already exists")).await?;
return Ok(()); return Ok(());
} }
db.execute( db.execute(
format!( "INSERT INTO tags(name, value, owner) VALUES($1, $2, $3)",
"INSERT INTO tags(name, value, owner) VALUES('{}','{}', '{}')", &[
queries[0], &queries[0],
format!( &format!(
"{}{}", "{}{}",
if queries.len() == 2 { if queries.len() == 2 {
format!("{}{}", queries[1], '\n') format!("{}{}", queries[1], '\n')
@@ -110,10 +100,8 @@ pub async fn tadd(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.collect::<Vec<String>>() .collect::<Vec<String>>()
.join("\n") .join("\n")
), ),
msg.author.id.to_string() &msg.author.id.to_string(),
) ],
.as_str(),
&[],
) )
.await?; .await?;
msg.reply(ctx, "Added").await?; msg.reply(ctx, "Added").await?;
@@ -138,24 +126,15 @@ pub async fn tcopy(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.expect("Expected Database in TypeMap.") .expect("Expected Database in TypeMap.")
.clone(); .clone();
let check_existense = db let check_existense = db
.query( .query("SELECT name FROM tags WHERE name=$1", &[&queries[0]])
format!("SELECT name FROM tags WHERE name='{}'", queries[0]).as_str(),
&[],
)
.await?; .await?;
if check_existense.len() == 0 { if check_existense.len() == 0 {
msg.reply(ctx, format!("This tag does not exist")).await?; msg.reply(ctx, format!("This tag does not exist")).await?;
return Ok(()); return Ok(());
} }
db.execute( db.execute(
format!( "INSERT INTO tags(name, value, owner) SELECT $1, value, $2 FROM tags WHERE name=$3",
"INSERT INTO tags(name, value, owner) SELECT '{}', value, '{}' FROM tags WHERE name = '{}'", &[&queries[1], &msg.author.id.to_string(), &queries[0]],
queries[1],
msg.author.id.to_string(),
queries[0]
)
.as_str(),
&[],
) )
.await?; .await?;
msg.reply(ctx, "Copied").await?; msg.reply(ctx, "Copied").await?;
@@ -176,10 +155,7 @@ pub async fn tremove(ctx: &Context, msg: &Message, args: Args) -> CommandResult
.expect("Expected Database in TypeMap.") .expect("Expected Database in TypeMap.")
.clone(); .clone();
let owner = db let owner = db
.query( .query("SELECT owner FROM tags WHERE name=$1", &[&query])
format!("SELECT owner FROM tags WHERE name = '{}'", query).as_str(),
&[],
)
.await?; .await?;
if owner.len() == 1 { if owner.len() == 1 {
let owner_id: String = owner[0].get(0); let owner_id: String = owner[0].get(0);
@@ -188,11 +164,8 @@ pub async fn tremove(ctx: &Context, msg: &Message, args: Args) -> CommandResult
return Ok(()); return Ok(());
} }
} }
db.execute( db.execute("DELETE FROM tags WHERE name=$1", &[&query])
format!("DELETE FROM tags WHERE name='{}'", query,).as_str(), .await?;
&[],
)
.await?;
msg.reply(ctx, "Deleted if it existed").await?; msg.reply(ctx, "Deleted if it existed").await?;
Ok(()) Ok(())
} }
@@ -215,10 +188,7 @@ pub async fn tedit(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.expect("Expected Database in TypeMap.") .expect("Expected Database in TypeMap.")
.clone(); .clone();
let owner = db let owner = db
.query( .query("SELECT owner FROM tags WHERE name=$1", &[&queries[0]])
format!("SELECT owner FROM tags WHERE name = '{}'", queries[0]).as_str(),
&[],
)
.await?; .await?;
if owner.len() == 1 { if owner.len() == 1 {
let owner_id: String = owner[0].get(0); let owner_id: String = owner[0].get(0);
@@ -228,9 +198,9 @@ pub async fn tedit(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
} }
} }
db.execute( db.execute(
format!( "UPDATE tags SET value=$1 WHERE name=$2",
"UPDATE tags SET value='{}' WHERE name='{}'", &[
format!( &format!(
"{}{}", "{}{}",
if queries.len() == 2 { if queries.len() == 2 {
format!("{}{}", queries[1], '\n') format!("{}{}", queries[1], '\n')
@@ -243,10 +213,8 @@ pub async fn tedit(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.collect::<Vec<String>>() .collect::<Vec<String>>()
.join("\n") .join("\n")
), ),
queries[0] &queries[0],
) ],
.as_str(),
&[],
) )
.await?; .await?;
msg.reply(ctx, "Changed the value if it existed").await?; msg.reply(ctx, "Changed the value if it existed").await?;
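Review bot: The tcopy hunk checks that the source tag `queries[0]` exists but inserts the copy under `queries[1]` with no check that the destination name is free, while tadd rejects an existing name; if `tags.name` is unique the execute fails and `?` surfaces a raw database error to the user, and if it is not, a duplicate row is created. I would reuse the existing lookup before the INSERT, `if !db.query("SELECT name FROM tags WHERE name=$1", &[&queries[1]]).await?.is_empty() { msg.reply(ctx, "This tag already exists").await?; return Ok(()); }`. The `INSERT ... SELECT $1, value, $2 FROM tags WHERE name=$3` form resolves `$1` and `$2` from the SELECT list rather than the target columns, which works for text columns but is worth a short comment on the statement since the parameter types are not obvious from the Rust side. tcopy's body starts outside the hunk.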


@@ -18,46 +18,38 @@ pub async fn count(msg: Message, db: std::sync::Arc<Client>) {
&[], &[],
) )
.await .await
.expect("cant create a user table"); .expect("Can't create a user table");
for row in db for row in db
.query("SELECT name, reg FROM words", &[]) .query("SELECT name, reg FROM words", &[])
.await .await
.expect("can't get the words to count") .expect("Can't get the words to count")
{ {
let name: &str = row.get(0); let name: &str = row.get(0);
let regex: Regex = Regex::new(row.get(1)).unwrap(); let regex: Regex = Regex::new(row.get(1)).unwrap();
let count = regex.captures_iter(&msg.content).count(); let count: i32 = regex.captures_iter(&msg.content).count() as i32;
if count > 0 { if count > 0 {
let query_result = db let query_result = db
.query( .query(
format!("SELECT count FROM user{} where name='{}'", id, name).as_str(), format!("SELECT count FROM user{} WHERE name=$1", id).as_str(),
&[], &[&name],
) )
.await .await
.expect("cant select the count"); .expect("Can't select count");
if query_result.is_empty() { if query_result.is_empty() {
db.execute( db.execute(
format!( format!("INSERT INTO user{} (name, count) values ($1, 0)", id).as_str(),
"insert into user{} (name, count) values ('{}', 0)", &[&name],
id, name
)
.as_str(),
&[],
) )
.await .await
.expect("cant insert shit"); .expect("Can't insert count");
} }
db.execute( db.execute(
format!( format!("UPDATE user{} SET count = count + $1 WHERE name=$2", id).as_str(),
"UPDATE user{} SET count = count + {} where name='{}'", &[&count, &name],
id, count, name
)
.as_str(),
&[],
) )
.await .await
.expect("cant update"); .expect("Can't update count");
} }
} }
} }
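Review bot: The new `let count: i32 = regex.captures_iter(&msg.content).count() as i32;` is a silent narrowing cast from `usize`; the value is bounded by the message length in practice, but `i32::try_from(regex.captures_iter(&msg.content).count()).unwrap_or(i32::MAX)` makes the bound explicit and costs nothing. The unchanged `Regex::new(row.get(1)).unwrap()` just above it means any malformed stored pattern panics this handler on every message, and the `.expect(...)` calls on the three database round-trips do the same for transient database errors; since this runs per message rather than per command, logging and returning early on those paths would keep one bad row or one dropped connection from taking counting down. The enclosing function starts outside the hunk.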