@@ -73,13 +73,8 @@ func add(w http.ResponseWriter, r *http.Request) {
|
|
|
http.Error(w, err.String(), http.StatusInternalServerError)
|
|
|
return
|
|
|
}
|
|
|
- sql := "INSERT INTO `song` (`pid`,`yid`,`title`,`user`,`order`) VALUES(%d,'%s','%s','%s','%d')"
|
|
|
- sql = fmt.Sprintf(sql, pid,
|
|
|
- db.Escape(q.Get("yid")),
|
|
|
- db.Escape(q.Get("title")),
|
|
|
- db.Escape(q.Get("user")),
|
|
|
- maxOrder + 1)
|
|
|
- err = execute(sql)
|
|
|
+ _, err = prepare("INSERT INTO `song` (`pid`,`yid`,`title`,`user`,`order`) VALUES(?, ?, ?, ?, ?)",
|
|
|
+ pid, q.Get("yid"), q.Get("title"), q.Get("user"), maxOrder + 1)
|
|
|
if err != nil {
|
|
|
db.Rollback()
|
|
|
http.Error(w, err.String(), http.StatusInternalServerError)
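Review bot: On the failure path of the new prepare call the raw driver error (`err.String()`) is still written straight into the HTTP response by the http.Error call that closes this hunk, so a client that provokes a database failure gets backend detail (statement fragments, column names, driver messages) rather than a neutral status; the move to placeholders leaves that as it was. The same pattern follows each new prepare call in the remove and move hunks below. I would log the error server-side and return a fixed message, e.g. `log.Printf("add: insert song: %v", err)` followed by `http.Error(w, "database error", http.StatusInternalServerError)`. The body of add starts and ends outside this hunk.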
|
|
|
@@ -111,25 +106,23 @@ func remove(w http.ResponseWriter, r *http.Request) {
|
|
|
}
|
|
|
|
|
|
order, err := queryInt("SELECT `order` FROM `song` WHERE `yid` = ? AND `pid` = ?",
|
|
|
- q.Get("yid"), pid)
|
|
|
+ q.Get("yid"), pid)
|
|
|
if err != nil {
|
|
|
db.Rollback()
|
|
|
http.Error(w, err.String(), http.StatusInternalServerError)
|
|
|
return
|
|
|
}
|
|
|
|
|
|
- sql := "DELETE FROM `song` WHERE `pid` = %d AND yid = '%s'"
|
|
|
- sql = fmt.Sprintf(sql, pid, db.Escape(q.Get("yid")))
|
|
|
- err = execute(sql)
|
|
|
+ _, err = prepare("DELETE FROM `song` WHERE `pid` = ? AND yid = ?",
|
|
|
+ pid, q.Get("yid"))
|
|
|
if err != nil {
|
|
|
db.Rollback()
|
|
|
http.Error(w, err.String(), http.StatusInternalServerError)
|
|
|
return
|
|
|
}
|
|
|
|
|
|
- sql = "UPDATE `song` SET `order` = `order`-1 WHERE `order` > %d AND `pid` = %d"
|
|
|
- sql = fmt.Sprintf(sql, order, pid)
|
|
|
- err = execute(sql)
|
|
|
+ _, err = prepare("UPDATE `song` SET `order` = `order`-1 WHERE `order` > ? AND `pid` = ?",
|
|
|
+ order, pid)
|
|
|
if err != nil {
|
|
|
db.Rollback()
|
|
|
http.Error(w, err.String(), http.StatusInternalServerError)
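Review bot: The new DELETE discards the result of prepare (`_, err = prepare(...)`), so nothing verifies that exactly one row was removed before the following UPDATE shifts every `order` greater than the value read by queryInt; if the yid/pid pair matches no row (or, since add does not appear to prevent duplicates, more than one), the renumbering still runs and the playlist order drifts — unless queryInt already fails on a missing row, which is not visible here. The move hunk in this same commit already checks `query.AffectedRows != 1` after its first UPDATE, so the same guard fits here: `query, err := prepare("DELETE FROM ...", pid, q.Get("yid"))` and then `} else if query.AffectedRows != 1 { db.Rollback(); http.Error(w, "song not in playlist", http.StatusNotFound); return }`. As a style point, this DELETE writes `yid = ?` while every other new statement quotes identifiers with backticks. remove continues outside the hunk at both ends.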
|
|
|
@@ -167,7 +160,7 @@ func move(w http.ResponseWriter, r *http.Request) {
|
|
|
}
|
|
|
|
|
|
order, err := queryInt("SELECT `order` FROM `song` WHERE `yid` = ? AND `pid` = ?",
|
|
|
- q.Get("yid"), pid)
|
|
|
+ q.Get("yid"), pid)
|
|
|
if err != nil {
|
|
|
db.Rollback()
|
|
|
http.Error(w, err.String(), http.StatusInternalServerError)
|
|
|
@@ -184,22 +177,20 @@ func move(w http.ResponseWriter, r *http.Request) {
|
|
|
return
|
|
|
}
|
|
|
|
|
|
- sql := "UPDATE `song` SET `order` = %d WHERE `order` = %d AND pid = %d"
|
|
|
- sql = fmt.Sprintf(sql, order, newOrder, pid)
|
|
|
- err = execute(sql)
|
|
|
+ query, err := prepare("UPDATE `song` SET `order` = ? WHERE `order` = ? AND `pid` = ?",
|
|
|
+ order, newOrder, pid)
|
|
|
if err != nil {
|
|
|
db.Rollback()
|
|
|
http.Error(w, err.String(), http.StatusInternalServerError)
|
|
|
return
|
|
|
- } else if db.AffectedRows != 1 {
|
|
|
+ } else if query.AffectedRows != 1 {
|
|
|
db.Rollback()
|
|
|
http.Error(w, "invalid direction for this song", http.StatusBadRequest)
|
|
|
return
|
|
|
}
|
|
|
// there are now two songs with that order, so also check yid
|
|
|
- sql = "UPDATE `song` SET `order` = %d WHERE `order` = %d AND pid = %d AND yid = '%s'"
|
|
|
- sql = fmt.Sprintf(sql, newOrder, order, pid, q.Get("yid"))
|
|
|
- err = db.Query(sql)
|
|
|
+ _, err = prepare("UPDATE `song` SET `order` = ? WHERE `order` = ? AND `pid` = ? AND `yid` = ?",
|
|
|
+ newOrder, order, pid, q.Get("yid"))
|
|
|
if err != nil {
|
|
|
db.Rollback()
|
|
|
http.Error(w, err.String(), http.StatusInternalServerError)
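Review bot: The second UPDATE in this hunk (`_, err = prepare("UPDATE ... AND yid = ?", newOrder, order, pid, q.Get("yid"))`) discards the result, so unlike the first UPDATE it never checks AffectedRows; the comment right above it says two songs now share `order`, and if this statement matches zero rows the transaction is presumably still committed after the hunk with that duplicate order instead of being rolled back. Mirror the check the commit added a few lines up: `query, err = prepare(...)` (plain `=`, since query and err are already declared in this scope) followed by `} else if query.AffectedRows != 1 { db.Rollback(); http.Error(w, "song not found", http.StatusBadRequest); return }`. move continues outside the hunk at both ends.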
|
|
|
@@ -221,8 +212,8 @@ func poll(w http.ResponseWriter, r *http.Request) {
|
|
|
timestamp := q.Get("timestamp")
|
|
|
if timestamp == "0" {
|
|
|
query, err := prepare(
|
|
|
- "SELECT `yid`,`title`,`user` FROM `playlist` JOIN `song` WHERE `id` = ? ORDER BY `order` ASC",
|
|
|
- q.Get("pid"))
|
|
|
+ "SELECT `yid`,`title`,`user` FROM `playlist` JOIN `song` WHERE `id` = ? ORDER BY `order` ASC",
|
|
|
+ q.Get("pid"))
|
|
|
|
|
|
updates := make([]Update, 0, 2)
|
|
|
for {