Fixed SQL bullshit...
This commit is contained in:
parent
0c234c89d9
commit
f91be3aa28
|
@ -2,6 +2,10 @@ import { sqlite } from './init.js'
|
|||
|
||||
const entriesPerPage = process.env.ENTRIES_PER_PAGE ?? 50
|
||||
|
||||
function simpleSanitize(str) {
|
||||
return String(str).replace(/\s/g, "")
|
||||
}
|
||||
|
||||
/**
|
||||
* This is a 'general' search function for the sqlite database...
|
||||
*
|
||||
|
@ -24,12 +28,11 @@ export default function searcher(table, matchField=undefined, matchQuery=undefin
|
|||
method === "get" ? 0 :
|
||||
parseInt(sqlite
|
||||
.prepare(`
|
||||
SELECT count(*) FROM $table
|
||||
${!matchField ?? "WHERE $matchField = $matchQuery"}
|
||||
SELECT count(*) FROM ${simpleSanitize(table)}
|
||||
${matchField ? `WHERE ${simpleSanitize(matchField)} = $matchQuery` : ""}
|
||||
`)
|
||||
.get({
|
||||
table,
|
||||
matchField, matchQuery
|
||||
matchQuery
|
||||
})
|
||||
)
|
||||
|
||||
|
@ -38,15 +41,13 @@ export default function searcher(table, matchField=undefined, matchQuery=undefin
|
|||
|
||||
const result = sqlite
|
||||
.prepare(`
|
||||
SELECT * FROM $table
|
||||
${!matchField ?? "WHERE $matchField = $matchQuery"}
|
||||
${!orderBy ?? `"ORDER BY $orderBy" ${descending === true ? "DESC" : "ASC"}`}
|
||||
SELECT * FROM ${simpleSanitize(table)}
|
||||
${matchField ? `WHERE ${simpleSanitize(matchField)} = $matchQuery` : ""}
|
||||
${orderBy ? `ORDER BY ${simpleSanitize(orderBy)} ${descending === true ? "DESC" : "ASC"}` : ""}
|
||||
${method === "all" ? `LIMIT ${entriesPerPage * (page - 1)}, ${entriesPerPage}` : ""}
|
||||
`)
|
||||
[method === "all" ? "all" : "get"]({
|
||||
table,
|
||||
matchField, matchQuery,
|
||||
orderBy
|
||||
matchQuery
|
||||
})
|
||||
|
||||
// This check should work?
|
||||
|
|
Loading…
Reference in New Issue
Block a user