From c72c0c52991912d6ba1cb5b758f2c38652775419 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D0=BD=D1=82=D0=BE=D0=BD?= <a.sysoev@b2b-center.ru>
Date: Sun, 28 Sep 2025 11:05:19 +0300
Subject: [PATCH] =?UTF-8?q?=D0=A0=D0=B0=D0=B1=D0=BE=D1=87=D0=B0=D1=8F=20?=
 =?UTF-8?q?=D1=81=D0=B1=D0=BE=D1=80=D0=BA=D0=B0=20=D1=81=20=D1=82=D1=80?=
 =?UTF-8?q?=D0=B5=D1=82=D1=8C=D0=B5=D0=B9=20=D1=80=D1=83=D1=87=D0=BA=D0=BE?=
 =?UTF-8?q?=D0=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/DAO/MySQLUserDAO.cpp | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/src/DAO/MySQLUserDAO.cpp b/src/DAO/MySQLUserDAO.cpp
index bbb5086..3d3fccf 100644
--- a/src/DAO/MySQLUserDAO.cpp
+++ b/src/DAO/MySQLUserDAO.cpp
@@ -22,32 +22,33 @@ string MySQLUserDAO::Create(const user& created_user)
 
 
   const string sql_script =
-    "INSERT INTO `up_and_down`.`users` (`uuid`, `login`, `hashed_password`) VALUES ('"
-    + uuid_str + "', '" + created_user.login + "', '" + created_user.hashed_password + "');"s;
+    "INSERT INTO `up_and_down`.`users` (`uuid`, `login`, `hashed_password`) VALUES (?, ?, ?);"s;
 
-  session_.sql(sql_script).execute();
+  session_.
+  sql(sql_script)
+  .bind(uuid_str, created_user.login, created_user.hashed_password).execute();
 
   return uuid_str;
 }
 
 optional<user> MySQLUserDAO::GetByUUID(const string& uuid)
 {
-  const string sql_script = "SELECT * FROM `up_and_down`.`users`"s +
-    "WHERE (uuid = '"s + uuid +
-    "') LIMIT 1;"s;
+  const string sql_script = "SELECT * FROM `up_and_down`.`users` WHERE (uuid = ?) LIMIT 1;"s;
   mysqlx::SqlResult sql_result = session_.
-                                 sql(sql_script).execute();
+                                 sql(sql_script)
+                                 .bind(uuid)
+                                 .execute();
 
   return GetSingleUserBySQLResult(std::move(sql_result));
 }
 
 optional<user> MySQLUserDAO::GetByLogin(const string& login)
 {
-  const std::string sql_script = "SELECT * FROM `up_and_down`.`users`"s +
-    " WHERE (login = '"s + login
-    + "') LIMIT 1;"s;
+  const std::string sql_script = "SELECT * FROM `up_and_down`.`users` WHERE (login = ?) LIMIT 1;"s;
   mysqlx::SqlResult sql_result = session_.
-                                 sql(sql_script).execute();
+                                 sql(sql_script)
+                                 .bind(login)
+                                 .execute();
 
   return GetSingleUserBySQLResult(std::move(sql_result));
 }
@@ -55,9 +56,8 @@ optional<user> MySQLUserDAO::GetByLogin(const string& login)
 pair<bool, vector<user>> MySQLUserDAO::GetAll(size_t limit, size_t offset)
 {
   mysqlx::SqlResult sql_result = session_
-                                 .sql("SELECT * FROM `up_and_down`.`users` "s +
-                                   "LIMIT "s + to_string(limit + 1) +
-                                   " OFFSET "s + to_string(offset) + ";"s)
+                                 .sql("SELECT * FROM `up_and_down`.`users` LIMIT ? OFFSET ?;"s)
+                                 .bind(limit, offset)
                                  .execute();
   list<mysqlx::Row> rows = sql_result.fetchAll();
   pair<bool, vector<user>> ret;