diff --git a/libs/database/searcher.js b/libs/database/searcher.js
index 79abac8..bb05f62 100644
--- a/libs/database/searcher.js
+++ b/libs/database/searcher.js
@@ -2,6 +2,10 @@ import { sqlite } from './init.js'
 const entriesPerPage = process.env.ENTRIES_PER_PAGE ?? 50
+function simpleSanitize(str) {
+ return String(str).replace(/\s/g, "")
+}
+
 /**
 * This is a 'general' search function for the sqlite database...
 *
@@ -24,12 +28,11 @@ export default function searcher(table, matchField=undefined, matchQuery=undefin
 method === "get" ? 0 : parseInt(sqlite
 .prepare(`
- SELECT count(*) FROM $table
- ${!matchField ?? "WHERE $matchField = $matchQuery"}
+ SELECT count(*) FROM ${simpleSanitize(table)}
+ ${matchField ? `WHERE ${simpleSanitize(matchField)} = $matchQuery` : ""}
 `)
 .get({
- table,
- matchField, matchQuery
+ matchQuery
 })
 )
@@ -38,15 +41,13 @@ export default function searcher(table, matchField=undefined, matchQuery=undefin
 const result = sqlite
 .prepare(`
- SELECT * FROM $table
- ${!matchField ?? "WHERE $matchField = $matchQuery"}
- ${!orderBy ?? `"ORDER BY $orderBy" ${descending === true ? "DESC" : "ASC"}`}
+ SELECT * FROM ${simpleSanitize(table)}
+ ${matchField ? `WHERE ${simpleSanitize(matchField)} = $matchQuery` : ""}
+ ${orderBy ? `ORDER BY ${simpleSanitize(orderBy)} ${descending === true ? "DESC" : "ASC"}` : ""}
 ${method === "all" ? `LIMIT ${entriesPerPage * (page - 1)}, ${entriesPerPage}` : ""}
 `)
 [method === "all" ? "all" : "get"]({
- table,
- matchField, matchQuery,
- orderBy
+ matchQuery
 })
 // This check should work?
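Review bot: `simpleSanitize` only removes whitespace, yet both call sites introduced by this commit (the count query in the hunk at -24 and the result query in the hunk at -38) splice its return value into SQL as a table or column name, so every non-whitespace character passes through unchanged and the identifier position is still injectable whenever `table`, `matchField` or `orderBy` originates from a caller that is not fully trusted. SQLite cannot bind identifiers as parameters (which is why the old `$table` form had to go), so the defensible approach is to validate the value against a strict identifier pattern and quote it, or to check it against the set of tables and columns this module actually serves. The name also over-promises; if the version below is adopted, something like `sqlIdentifier` would describe it more honestly.
```javascript
// SQLite cannot bind identifiers as parameters, so validate before interpolating:
// accept only a plain identifier and double-quote it so it is always parsed as a name.
function simpleSanitize(str) {
  const ident = String(str)
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(ident)) {
    throw new Error("invalid SQL identifier")
  }
  return `"${ident}"`
}
```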
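Review bot: The `.get({ matchQuery })` binding at the end of the -24 hunk passes `matchQuery` even when `matchField` is unset and the statement contains no `$matchQuery` placeholder; whether the driver behind `sqlite` tolerates an unused, and in that case probably `undefined`, named parameter is not visible in this diff, so binding it conditionally is safer: `.get(matchField ? { matchQuery } : {})`. The `SELECT count(*)` line has the identifier-interpolation concern raised at the `simpleSanitize` hunk. The enclosing `searcher` function starts before this hunk and continues after it.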
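Review bot: The `LIMIT` line in the -38 hunk interpolates `page` and the env-derived `entriesPerPage` into the SQL text without checking that either is an integer; `entriesPerPage * (page - 1)` coerces to a number, so a non-numeric page produces `LIMIT NaN, …` and a query error rather than an injection, but a negative or fractional page is accepted silently. Coercing once and validating, e.g. `const perPage = Number(entriesPerPage)` followed by `if (!Number.isInteger(page) || page < 1) throw new RangeError("page must be a positive integer")`, would make the failure explicit and keep the env value from being pasted into SQL as raw text. The `.all`/`.get` binding at the end of the hunk passes `matchQuery` even when no `$matchQuery` placeholder exists, as in the count query, and the three `simpleSanitize` calls share the identifier-validation concern raised at the first hunk. `searcher` starts before this hunk and continues past `// This check should work?`.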