Don't be a fool! Prepare statements!

master
Silverwizard 10 years ago
parent 458a64d046
commit 01c3474c48
  1. 6
      display.rb
  2. 3
      roller.rb

@ -28,9 +28,9 @@ print ' Game<input type="text" name="game" />'
print ' <input type="submit" value="Display Rolls" />'
print ' </form>'
result = $my.query("SELECT * from rolls" + clause)
statement = $my.prepare("SELECT * from rolls" + clause)
result = statement.execute
result.num_rows.times do
puts result.fetch_row.join("\s") + "<br />"
puts result.fetch.join("\s") + "<br />"
end
print '</html>'
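Review bot: `statement = $my.prepare("SELECT * from rolls" + clause)` still assembles the query text by concatenation, so if `clause` (assigned before this hunk) carries the game or user value from the form, the statement is prepared with that text already inside it and preparing it removes none of the injection the commit title sets out to fix; the roller.rb hunk has the same defect, splicing `cgi.params["rollstring"][0]`, `cgi.params["user"][0]` and `cgi.params["game"][0]` into the INSERT it prepares. In both files keep only fixed SQL in the prepared text, put `?` placeholders where the values go, and pass the values to `statement.execute(...)`, e.g. `statement = $my.prepare("INSERT INTO rolls SET result=?, roll=?, user=?, game=?")` with `statement.execute(cgi.params["rollstring"][0], result.to_s, cgi.params["user"][0], cgi.params["game"][0])` in roller.rb. Separately, `puts result.fetch.join("\s") + "<br />"` echoes stored rows verbatim, and those columns are user-supplied in roller.rb, so each field should go through `CGI.escapeHTML` before printing. The top of this script, where `clause` and `$my` are set up, is outside the hunk.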

@ -4,5 +4,6 @@ require "./die"
require "cgi"
cgi = CGI.new
result = roll(cgi.params["rollstring"][0].to_s)
$my.query("INSERT INTO rolls set result='" + cgi.params["rollstring"][0] + "', roll='" + result.to_s + "', user='" + cgi.params["user"][0] + "', game='" + cgi.params["game"][0] + "'")
statement = $my.prepare("INSERT INTO rolls set result='" + cgi.params["rollstring"][0] + "', roll='" + result.to_s + "', user='" + cgi.params["user"][0] + "', game='" + cgi.params["game"][0] + "'")
statement.execute
puts result
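Review bot: The new `statement = $my.prepare(...)` line reads `cgi.params["user"][0]` and `cgi.params["game"][0]` without checking that the fields were submitted; when a field is absent `cgi.params[...]` is an empty array, `[0]` is nil, and `String#+` raises a TypeError, so a request missing a field fails with a stack trace rather than a controlled response. Use `cgi["user"]` and `cgi["game"]`, which return `""` for a missing field, or return an error page up front, e.g. `exit if %w[rollstring user game].any? { |k| cgi.params[k].empty? }` after `cgi = CGI.new`. The same applies to `cgi.params["rollstring"][0]` on the `result = roll(...)` context line above, where `roll` receives `""` for a missing field. `roll` and `$my` are defined outside the hunk.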
