natto1784/singh3
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

sql sanitation

Browse Source
This commit is contained in:
Amneesh Singh
2022-02-14 20:26:34 +05:30
parent f59a2c1b7f
commit 18b19f0695
3 changed files with 67 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
src/commands/count.rs
View File

@@ -18,7 +18,7 @@ use tokio_postgres::Row;
pub async fn count(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
let query: String = args.raw().collect::<Vec<&str>>().join(" ");
if query == "" {
msg.reply(ctx, "bruh kitna kya?").await?;
msg.reply(ctx, "Count what?").await?;
return Ok(());
}
let data_read = ctx.data.read().await;
@@ -29,23 +29,18 @@ pub async fn count(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
let id = msg.author.id.to_string();
let mut query_helper = db
.query(
format!("SELECT name FROM words WHERE '{}' ~ reg", query).as_str(),
&[],
)
.query("SELECT name FROM words WHERE $1 ~ reg", &[&query])
.await?;
if query_helper.is_empty() {
query_helper = db
.query(
format!("SELECT name FROM words WHERE name='{}'", query).as_str(),
&[],
)
.query("SELECT name FROM words WHERE name=$1", &[&query])
.await?;
if query_helper.is_empty() {
msg.reply(
ctx,
format!(
"No entry for '{}' found. If you want to add it, run ',cadd {}&<regex>'",
"No entry for '{}' found. If you want to add it, run `,cadd {}&<regex>`",
query, query
),
)
@@ -60,14 +55,18 @@ pub async fn count(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
};
for row in query_helper {
let name: &str = row.get(0);
let query_result: i32 = db
.query_one(
format!("SELECT count FROM user{} WHERE name='{}'", id, name).as_str(),
&[],
let count_query = db
.query(
format!("SELECT count FROM user{} WHERE name=$1", id).as_str(),
&[&name],
)
.await?
.get(0);
reply = reply + &format!("\n{} count for you: {}", name, query_result);
.await?;
let query_result = if count_query.is_empty() {
0
} else {
count_query[0].get(0)
};
reply += &format!("\n{} count for you: {}", name, query_result);
}
msg.reply(ctx, reply).await?;
Ok(())
@@ -92,10 +91,7 @@ pub async fn cadd(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.expect("Expected Database in TypeMap.")
.clone();
let check_existense = db
.query(
format!("SELECT name, reg FROM words WHERE name='{}'", queries[0]).as_str(),
&[],
)
.query("SELECT name, reg FROM words WHERE name=$1", &[&queries[0]])
.await?;
if check_existense.len() != 0 {
let reg: String = check_existense[0].get(1);
@@ -107,14 +103,12 @@ pub async fn cadd(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
return Ok(());
}
db.execute(
format!(
"INSERT INTO words(name, reg, owner) VALUES('{}','(?i){}', '{}')",
queries[0],
queries[1],
msg.author.id.to_string()
)
.as_str(),
&[],
"INSERT INTO words(name, reg, owner) VALUES($1, $2, $3)",
&[
&queries[0],
&("(?i)".to_string() + queries[1]),
&msg.author.id.to_string(),
],
)
.await?;
msg.reply(ctx, "Added").await?;
@@ -135,10 +129,7 @@ pub async fn cremove(ctx: &Context, msg: &Message, args: Args) -> CommandResult
.expect("Expected Database in TypeMap.")
.clone();
let owner = db
.query(
format!("SELECT owner FROM words WHERE name = '{}'", query).as_str(),
&[],
)
.query("SELECT owner FROM words WHERE name=$1", &[&query])
.await?;
if owner.len() == 1 {
let owner_id: String = owner[0].get(0);
@@ -147,10 +138,7 @@ pub async fn cremove(ctx: &Context, msg: &Message, args: Args) -> CommandResult
return Ok(());
}
}
db.execute(
format!("DELETE FROM words WHERE name='{}'", query,).as_str(),
&[],
)
db.execute("DELETE FROM words WHERE name=$1", &[&query])
.await?;
msg.reply(ctx, "Deleted if it existed").await?;
Ok(())
@@ -175,10 +163,7 @@ pub async fn cedit(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.expect("Expected Database in TypeMap.")
.clone();
let owner = db
.query(
format!("SELECT owner FROM words WHERE name = '{}'", queries[0]).as_str(),
&[],
)
.query("SELECT owner FROM words WHERE name=$1", &[&queries[0]])
.await?;
if owner.len() == 1 {
let owner_id: String = owner[0].get(0);
@@ -188,12 +173,8 @@ pub async fn cedit(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
}
}
db.execute(
format!(
"UPDATE words SET reg='(?i){}' WHERE name='{}'",
queries[1], queries[0]
)
.as_str(),
&[],
"UPDATE words SET reg=$1 WHERE name=$2",
&[&("(?i)".to_string() + queries[1]), &queries[0]],
)
.await?;
msg.reply(ctx, "Changed the value if it existed").await?;
@@ -255,7 +236,10 @@ pub async fn clist(ctx: &Context, msg: &Message, _: Args) -> CommandResult {
.expect("Expected Database in TypeMap.")
.clone();
let rows = db
.query("SELECT ROW_NUMBER() OVER (ORDER BY id), name, owner FROM words", &[])
.query(
"SELECT ROW_NUMBER() OVER (ORDER BY id), name, owner FROM words",
&[],
)
.await?;
if rows.is_empty() {
msg.reply(ctx, "No words stored").await?;

74
src/commands/tags.rs
View File

@@ -28,20 +28,13 @@ pub async fn tag(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.clone();
let query_helper = db
.query(
format!("SELECT name, value FROM tags WHERE name='{}'", query).as_str(),
&[],
)
.query("SELECT name, value FROM tags WHERE name=$1", &[&query])
.await?;
if query_helper.is_empty() {
let leven = db
.query(
format!(
"SELECT name FROM tags WHERE levenshtein(name, '{}') < 2",
query
)
.as_str(),
&[],
"SELECT name FROM tags WHERE levenshtein(name, $1) < 2",
&[&query],
)
.await?;
let l = if leven.is_empty() {
@@ -84,20 +77,17 @@ pub async fn tadd(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.expect("Expected Database in TypeMap.")
.clone();
let check_existense = db
.query(
format!("SELECT name FROM tags WHERE name='{}'", queries[0]).as_str(),
&[],
)
.query("SELECT name FROM tags WHERE name=$1", &[&queries[0]])
.await?;
if check_existense.len() != 0 {
msg.reply(ctx, format!("This tag already exists")).await?;
return Ok(());
}
db.execute(
format!(
"INSERT INTO tags(name, value, owner) VALUES('{}','{}', '{}')",
queries[0],
format!(
"INSERT INTO tags(name, value, owner) VALUES($1, $2, $3)",
&[
&queries[0],
&format!(
"{}{}",
if queries.len() == 2 {
format!("{}{}", queries[1], '\n')
@@ -110,10 +100,8 @@ pub async fn tadd(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.collect::<Vec<String>>()
.join("\n")
),
msg.author.id.to_string()
)
.as_str(),
&[],
&msg.author.id.to_string(),
],
)
.await?;
msg.reply(ctx, "Added").await?;
@@ -138,24 +126,15 @@ pub async fn tcopy(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.expect("Expected Database in TypeMap.")
.clone();
let check_existense = db
.query(
format!("SELECT name FROM tags WHERE name='{}'", queries[0]).as_str(),
&[],
)
.query("SELECT name FROM tags WHERE name=$1", &[&queries[0]])
.await?;
if check_existense.len() == 0 {
msg.reply(ctx, format!("This tag does not exist")).await?;
return Ok(());
}
db.execute(
format!(
"INSERT INTO tags(name, value, owner) SELECT '{}', value, '{}' FROM tags WHERE name = '{}'",
queries[1],
msg.author.id.to_string(),
queries[0]
)
.as_str(),
&[],
"INSERT INTO tags(name, value, owner) SELECT $1, value, $2 FROM tags WHERE name=$3",
&[&queries[1], &msg.author.id.to_string(), &queries[0]],
)
.await?;
msg.reply(ctx, "Copied").await?;
@@ -176,10 +155,7 @@ pub async fn tremove(ctx: &Context, msg: &Message, args: Args) -> CommandResult
.expect("Expected Database in TypeMap.")
.clone();
let owner = db
.query(
format!("SELECT owner FROM tags WHERE name = '{}'", query).as_str(),
&[],
)
.query("SELECT owner FROM tags WHERE name=$1", &[&query])
.await?;
if owner.len() == 1 {
let owner_id: String = owner[0].get(0);
@@ -188,10 +164,7 @@ pub async fn tremove(ctx: &Context, msg: &Message, args: Args) -> CommandResult
return Ok(());
}
}
db.execute(
format!("DELETE FROM tags WHERE name='{}'", query,).as_str(),
&[],
)
db.execute("DELETE FROM tags WHERE name=$1", &[&query])
.await?;
msg.reply(ctx, "Deleted if it existed").await?;
Ok(())
@@ -215,10 +188,7 @@ pub async fn tedit(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.expect("Expected Database in TypeMap.")
.clone();
let owner = db
.query(
format!("SELECT owner FROM tags WHERE name = '{}'", queries[0]).as_str(),
&[],
)
.query("SELECT owner FROM tags WHERE name=$1", &[&queries[0]])
.await?;
if owner.len() == 1 {
let owner_id: String = owner[0].get(0);
@@ -228,9 +198,9 @@ pub async fn tedit(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
}
}
db.execute(
format!(
"UPDATE tags SET value='{}' WHERE name='{}'",
format!(
"UPDATE tags SET value=$1 WHERE name=$2",
&[
&format!(
"{}{}",
if queries.len() == 2 {
format!("{}{}", queries[1], '\n')
@@ -243,10 +213,8 @@ pub async fn tedit(ctx: &Context, msg: &Message, args: Args) -> CommandResult {
.collect::<Vec<String>>()
.join("\n")
),
queries[0]
)
.as_str(),
&[],
&queries[0],
],
)
.await?;
msg.reply(ctx, "Changed the value if it existed").await?;

32
src/handler/count.rs
View File

@@ -18,46 +18,38 @@ pub async fn count(msg: Message, db: std::sync::Arc<Client>) {
&[],
)
.await
.expect("cant create a user table");
.expect("Can't create a user table");
for row in db
.query("SELECT name, reg FROM words", &[])
.await
.expect("can't get the words to count")
.expect("Can't get the words to count")
{
let name: &str = row.get(0);
let regex: Regex = Regex::new(row.get(1)).unwrap();
let count = regex.captures_iter(&msg.content).count();
let count: i32 = regex.captures_iter(&msg.content).count() as i32;
if count > 0 {
let query_result = db
.query(
format!("SELECT count FROM user{} where name='{}'", id, name).as_str(),
&[],
format!("SELECT count FROM user{} WHERE name=$1", id).as_str(),
&[&name],
)
.await
.expect("cant select the count");
.expect("Can't select count");
if query_result.is_empty() {
db.execute(
format!(
"insert into user{} (name, count) values ('{}', 0)",
id, name
)
.as_str(),
&[],
format!("INSERT INTO user{} (name, count) values ($1, 0)", id).as_str(),
&[&name],
)
.await
.expect("cant insert shit");
.expect("Can't insert count");
}
db.execute(
format!(
"UPDATE user{} SET count = count + {} where name='{}'",
id, count, name
)
.as_str(),
&[],
format!("UPDATE user{} SET count = count + $1 WHERE name=$2", id).as_str(),
&[&count, &name],
)
.await
.expect("cant update");
.expect("Can't update count");
}
}
}