-rw-r--r-- | db.go | 8 | ||||
-rw-r--r-- | main.go | 39 |
2 files changed, 15 insertions, 32 deletions
@@ -68,11 +68,3 @@ func getpid(id string) int {
 }
 return pid
 }
-
-func execute(sql string) os.Error {
-err := db.Query(sql)
-if err != nil {
-log.Println(err)
-}
-return err
-}
@@ -73,13 +73,8 @@ func add(w http.ResponseWriter, r *http.Request) {
 http.Error(w, err.String(), http.StatusInternalServerError)
 return
 }
-sql := "INSERT INTO `song` (`pid`,`yid`,`title`,`user`,`order`) VALUES(%d,'%s','%s','%s','%d')"
-sql = fmt.Sprintf(sql, pid,
-db.Escape(q.Get("yid")),
-db.Escape(q.Get("title")),
-db.Escape(q.Get("user")),
-maxOrder + 1)
-err = execute(sql)
+_, err = prepare("INSERT INTO `song` (`pid`,`yid`,`title`,`user`,`order`) VALUES(?, ?, ?, ?, ?)",
+pid, q.Get("yid"), q.Get("title"), q.Get("user"), maxOrder + 1)
 if err != nil {
 db.Rollback()
 http.Error(w, err.String(), http.StatusInternalServerError)
@@ -111,25 +106,23 @@ func remove(w http.ResponseWriter, r *http.Request) {
 }
 order, err := queryInt("SELECT `order` FROM `song` WHERE `yid` = ? AND `pid` = ?",
-q.Get("yid"), pid)
+q.Get("yid"), pid)
 if err != nil {
 db.Rollback()
 http.Error(w, err.String(), http.StatusInternalServerError)
 return
 }
-sql := "DELETE FROM `song` WHERE `pid` = %d AND yid = '%s'"
-sql = fmt.Sprintf(sql, pid, db.Escape(q.Get("yid")))
-err = execute(sql)
+_, err = prepare("DELETE FROM `song` WHERE `pid` = ? AND yid = ?",
+pid, q.Get("yid"))
 if err != nil {
 db.Rollback()
 http.Error(w, err.String(), http.StatusInternalServerError)
 return
 }
-sql = "UPDATE `song` SET `order` = `order`-1 WHERE `order` > %d AND `pid` = %d"
-sql = fmt.Sprintf(sql, order, pid)
-err = execute(sql)
+_, err = prepare("UPDATE `song` SET `order` = `order`-1 WHERE `order` > ? AND `pid` = ?",
+order, pid)
 if err != nil {
 db.Rollback()
 http.Error(w, err.String(), http.StatusInternalServerError)
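Review bot: The new `_, err = prepare(...)` call in add drops the server-side logging that the removed `execute` helper performed (`log.Println(err)` in db.go), so an INSERT failure now surfaces only as the `err.String()` text written into the HTTP 500 response; unless `prepare` logs on its own, add `log.Println(err)` inside the `if err != nil` branch before `db.Rollback()`. The same loss applies to the `prepare` calls in the remove and move hunks. The first return value of `prepare` is discarded with `_` here but used as `query.AffectedRows` in the move hunk; if that value wraps a statement or result handle that must be closed, discarding it leaks the handle — worth confirming against the definition of `prepare`, which is not part of this diff. The body of add continues outside the hunk.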
@@ -167,7 +160,7 @@ func move(w http.ResponseWriter, r *http.Request) {
 }
 order, err := queryInt("SELECT `order` FROM `song` WHERE `yid` = ? AND `pid` = ?",
-q.Get("yid"), pid)
+q.Get("yid"), pid)
 if err != nil {
 db.Rollback()
 http.Error(w, err.String(), http.StatusInternalServerError)
@@ -184,22 +177,20 @@ func move(w http.ResponseWriter, r *http.Request) {
 return
 }
-sql := "UPDATE `song` SET `order` = %d WHERE `order` = %d AND pid = %d"
-sql = fmt.Sprintf(sql, order, newOrder, pid)
-err = execute(sql)
+query, err := prepare("UPDATE `song` SET `order` = ? WHERE `order` = ? AND `pid` = ?",
+order, newOrder, pid)
 if err != nil {
 db.Rollback()
 http.Error(w, err.String(), http.StatusInternalServerError)
 return
-} else if db.AffectedRows != 1 {
+} else if query.AffectedRows != 1 {
 db.Rollback()
 http.Error(w, "invalid direction for this song", http.StatusBadRequest)
 return
 }
 // there are now two songs with that order, so also check yid
-sql = "UPDATE `song` SET `order` = %d WHERE `order` = %d AND pid = %d AND yid = '%s'"
-sql = fmt.Sprintf(sql, newOrder, order, pid, q.Get("yid"))
-err = db.Query(sql)
+_, err = prepare("UPDATE `song` SET `order` = ? WHERE `order` = ? AND `pid` = ? AND `yid` = ?",
+newOrder, order, pid, q.Get("yid"))
 if err != nil {
 db.Rollback()
 http.Error(w, err.String(), http.StatusInternalServerError)
@@ -221,8 +212,8 @@ func poll(w http.ResponseWriter, r *http.Request) {
 timestamp := q.Get("timestamp")
 if timestamp == "0" {
 query, err := prepare(
-"SELECT `yid`,`title`,`user` FROM `playlist` JOIN `song` WHERE `id` = ? ORDER BY `order` ASC",
-q.Get("pid"))
+"SELECT `yid`,`title`,`user` FROM `playlist` JOIN `song` WHERE `id` = ? ORDER BY `order` ASC",
+q.Get("pid"))
 updates := make([]Update, 0, 2)
 for {