Fixed SQL bullshit...

BurnyLlama 2021-11-01 19:51:31 +01:00
parent 0c234c89d9
commit f91be3aa28


@ -2,6 +2,10 @@ import { sqlite } from './init.js'
const entriesPerPage = process.env.ENTRIES_PER_PAGE ?? 50
function simpleSanitize(str) {
return String(str).replace(/\s/g, "")
}
/**
* This is a 'general' search function for the sqlite database...
*
@ -24,12 +28,11 @@ export default function searcher(table, matchField=undefined, matchQuery=undefin
method === "get" ? 0 :
parseInt(sqlite
.prepare(`
SELECT count(*) FROM $table
${!matchField ?? "WHERE $matchField = $matchQuery"}
SELECT count(*) FROM ${simpleSanitize(table)}
${matchField ? `WHERE ${simpleSanitize(matchField)} = $matchQuery` : ""}
`)
.get({
table,
matchField, matchQuery
matchQuery
})
)
@ -38,15 +41,13 @@ export default function searcher(table, matchField=undefined, matchQuery=undefin
const result = sqlite
.prepare(`
SELECT * FROM $table
${!matchField ?? "WHERE $matchField = $matchQuery"}
${!orderBy ?? `"ORDER BY $orderBy" ${descending === true ? "DESC" : "ASC"}`}
SELECT * FROM ${simpleSanitize(table)}
${matchField ? `WHERE ${simpleSanitize(matchField)} = $matchQuery` : ""}
${orderBy ? `ORDER BY ${simpleSanitize(orderBy)} ${descending === true ? "DESC" : "ASC"}` : ""}
${method === "all" ? `LIMIT ${entriesPerPage * (page - 1)}, ${entriesPerPage}` : ""}
`)
[method === "all" ? "all" : "get"]({
table,
matchField, matchQuery,
orderBy
matchQuery
})
// This check should work?
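Review bot: `simpleSanitize` only removes whitespace, so `table`, `matchField` and `orderBy` are still spliced into both prepared statements (the `count(*)` query and the `SELECT *` query) as raw SQL text; whitespace is not required to change the meaning of a statement, so this is not a sufficient guard if any of these values can originate from a request. Identifiers cannot be bound as parameters, so the usual fix is to reject anything that is not a known name: check against an allowlist of the tables and columns this module serves, or at minimum use `if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(str)) throw new Error("invalid SQL identifier")` inside `simpleSanitize` instead of silently rewriting the input. `page` also reaches the `LIMIT` clause through `entriesPerPage * (page - 1)` without a visible check, so a non-numeric, zero or negative page would yield `NaN` or a negative offset; validating it as a positive integer before building the query looks worthwhile. `searcher` starts and ends outside the hunks shown, so validation may exist elsewhere that is not visible here.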