diff --git a/src/DAO/MySQLUserDAO.cpp b/src/DAO/MySQLUserDAO.cpp index bbb5086..3d3fccf 100644 --- a/src/DAO/MySQLUserDAO.cpp +++ b/src/DAO/MySQLUserDAO.cpp @@ -22,32 +22,33 @@ string MySQLUserDAO::Create(const user& created_user) const string sql_script = - "INSERT INTO `up_and_down`.`users` (`uuid`, `login`, `hashed_password`) VALUES ('" - + uuid_str + "', '" + created_user.login + "', '" + created_user.hashed_password + "');"s; + "INSERT INTO `up_and_down`.`users` (`uuid`, `login`, `hashed_password`) VALUES (?, ?, ?);"s; - session_.sql(sql_script).execute(); + session_. + sql(sql_script) + .bind(uuid_str, created_user.login, created_user.hashed_password).execute(); return uuid_str; } optional MySQLUserDAO::GetByUUID(const string& uuid) { - const string sql_script = "SELECT * FROM `up_and_down`.`users`"s + - "WHERE (uuid = '"s + uuid + - "') LIMIT 1;"s; + const string sql_script = "SELECT * FROM `up_and_down`.`users` WHERE (uuid = ?) LIMIT 1;"s; mysqlx::SqlResult sql_result = session_. - sql(sql_script).execute(); + sql(sql_script) + .bind(uuid) + .execute(); return GetSingleUserBySQLResult(std::move(sql_result)); } optional MySQLUserDAO::GetByLogin(const string& login) { - const std::string sql_script = "SELECT * FROM `up_and_down`.`users`"s + - " WHERE (login = '"s + login - + "') LIMIT 1;"s; + const std::string sql_script = "SELECT * FROM `up_and_down`.`users` WHERE (login = ?) LIMIT 1;"s; mysqlx::SqlResult sql_result = session_. - sql(sql_script).execute(); + sql(sql_script) + .bind(login) + .execute(); return GetSingleUserBySQLResult(std::move(sql_result)); } 
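Review bot: GetByUUID and GetByLogin still read with `SELECT *`, so each lookup returns every column of `users`, and the row mapping in GetSingleUserBySQLResult (defined outside this hunk) presumably depends on the table's column order. Naming the columns keeps the mapping stable when the schema changes and keeps any column added later out of the result, for example `SELECT uuid, login, hashed_password FROM ...` with the names taken from the INSERT in Create. The same applies to the query in GetAll in the next hunk.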
@@ -55,9 +56,8 @@ optional MySQLUserDAO::GetByLogin(const string& login) pair> MySQLUserDAO::GetAll(size_t limit, size_t offset) { mysqlx::SqlResult sql_result = session_ - .sql("SELECT * FROM `up_and_down`.`users` "s + - "LIMIT "s + to_string(limit + 1) + - " OFFSET "s + to_string(offset) + ";"s) + .sql("SELECT * FROM `up_and_down`.`users` LIMIT ? OFFSET ?;"s) + .bind(limit, offset) .execute(); list rows = sql_result.fetchAll(); pair> ret;
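Review bot: In GetAll the value bound to `LIMIT ?` is `limit`, while the removed string-built query used `to_string(limit + 1)`, so the statement now returns one row fewer than before. The function continues past the end of the hunk; if that code uses the extra row to tell whether another page exists, that signal is lost. Keeping the old behaviour is `.bind(limit + 1, offset)`. If dropping the extra row is intended, it deserves a mention in the commit message, since the other edits only replace concatenation with bound parameters.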