diff --git a/src/db/GuildManager.cpp b/src/db/GuildManager.cpp
index 1191b9e..5fa9dcb 100644
--- a/src/db/GuildManager.cpp
+++ b/src/db/GuildManager.cpp
@@ -86,6 +86,27 @@ namespace
 return stmt.Prepare(sql, query.c_str());
 }
+ bool AppendItemAwardValueRow(char* query, size_t querySize, int& queryLen, int rowIndex, const std::string& login, DWORD gold)
+ {
+ const std::string escapedLogin = CDBManager::instance().EscapeStringCopy(login.c_str(), login.size());
+ const int written = snprintf(
+ query + queryLen,
+ querySize - queryLen,
+ rowIndex == 0 ? "('%s', %d, %u, NOW())" : ",('%s', %d, %u, NOW())",
+ escapedLogin.c_str(),
+ ITEM_ELK_VNUM,
+ gold);
+
+ if (written < 0 || static_cast(written) >= querySize - queryLen)
+ {
+ sys_err("WAR_REWARD: item_award batch query buffer exhausted");
+ return false;
+ }
+
+ queryLen += written;
+ return true;
+ }
+
 bool LoadGuildRows(const DWORD* guildId, std::vector& rows)
 {
 CStmt stmt;
@@ -1580,12 +1601,8 @@ void CGuildWarReserve::Draw()
 while (it != mapBet.end())
 {
- if (iRow == 0)
- iLen += snprintf(szQuery + iLen, sizeof(szQuery) - iLen, "('%s', %d, %u, NOW())",
- it->first.c_str(), ITEM_ELK_VNUM, it->second.second);
- else
- iLen += snprintf(szQuery + iLen, sizeof(szQuery) - iLen, ",('%s', %d, %u, NOW())",
- it->first.c_str(), ITEM_ELK_VNUM, it->second.second);
+ if (!AppendItemAwardValueRow(szQuery, sizeof(szQuery), iLen, iRow, it->first, it->second.second))
+ return;
 it++;
@@ -1692,12 +1709,8 @@ void CGuildWarReserve::End(int iScoreFrom, int iScoreTo)
 DWORD dwGold = (DWORD) (dwTotalBet * ratio * 0.9);
- if (iRow == 0)
- iLen += snprintf(szQuery + iLen, sizeof(szQuery) - iLen, "('%s', %d, %u, NOW())",
- it->first.c_str(), ITEM_ELK_VNUM, dwGold);
- else
- iLen += snprintf(szQuery + iLen, sizeof(szQuery) - iLen, ",('%s', %d, %u, NOW())",
- it->first.c_str(), ITEM_ELK_VNUM, dwGold);
+ if (!AppendItemAwardValueRow(szQuery, sizeof(szQuery), iLen, iRow, it->first, dwGold))
+ return;
 ++it;
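Review bot: AppendItemAwardValueRow computes `querySize - queryLen` as size_t minus int without first checking that queryLen lies inside the buffer, so a negative or too-large queryLen wraps the subtraction to a huge size and snprintf is then told it may write far beyond `query`. Both callers pass an iLen that comes from code outside these hunks, and whether that value is validated there is not visible. I would make `if (queryLen < 0 || static_cast<size_t>(queryLen) >= querySize) return false;` the first statement of the helper. With that guard in place, `query[queryLen] = '\0';` before the existing `return false;` would also cut off the truncated tuple that snprintf has already written, leaving the buffer at the last complete row.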
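Review bot: In CGuildWarReserve::Draw() the added `return;` on a failed append leaves the loop with the rows already collected in szQuery never executed, so a full buffer means no award row in the batch is written and the only trace is one sys_err line; the `return;` added in CGuildWarReserve::End() has the same effect. Both functions continue outside their hunks, so whatever follows the loop (presumably the query execution and any clearing of bet state) is skipped as well, which is worth confirming. In Draw() the row count follows the size of mapBet while szQuery appears to be a fixed array, so this path looks reachable under ordinary load rather than only on corrupt data. Consider executing the batch built so far and starting a new one when the helper reports exhaustion, or building the statement in a std::string so there is no fixed limit.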