mirror of https://github.com/iv-org/invidious.git
db: use prepared statements rather than crafted argument list
parent
ce4a52325b
commit
67dd2b419a
|
@ -77,14 +77,13 @@ module Invidious::Database::Channels
|
||||||
|
|
||||||
def select(ids : Array(String)) : Array(InvidiousChannel)?
|
def select(ids : Array(String)) : Array(InvidiousChannel)?
|
||||||
return [] of InvidiousChannel if ids.empty?
|
return [] of InvidiousChannel if ids.empty?
|
||||||
values = ids.map { |id| %(('#{id}')) }.join(",")
|
|
||||||
|
|
||||||
request = <<-SQL
|
request = <<-SQL
|
||||||
SELECT * FROM channels
|
SELECT * FROM channels
|
||||||
WHERE id = ANY(VALUES #{values})
|
WHERE id = ANY($1)
|
||||||
SQL
|
SQL
|
||||||
|
|
||||||
return PG_DB.query_all(request, as: InvidiousChannel)
|
return PG_DB.query_all(request, ids, as: InvidiousChannel)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -127,11 +126,11 @@ module Invidious::Database::ChannelVideos
|
||||||
|
|
||||||
request = <<-SQL
|
request = <<-SQL
|
||||||
SELECT * FROM channel_videos
|
SELECT * FROM channel_videos
|
||||||
WHERE id IN (#{arg_array(ids)})
|
WHERE id = ANY($1)
|
||||||
ORDER BY published DESC
|
ORDER BY published DESC
|
||||||
SQL
|
SQL
|
||||||
|
|
||||||
return PG_DB.query_all(request, args: ids, as: ChannelVideo)
|
return PG_DB.query_all(request, ids, as: ChannelVideo)
|
||||||
end
|
end
|
||||||
|
|
||||||
def select_notfications(ucid : String, since : Time) : Array(ChannelVideo)
|
def select_notfications(ucid : String, since : Time) : Array(ChannelVideo)
|
||||||
|
|
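Review bot: Both new `query_all` calls pass `ids` as a single positional argument, so `$1` is bound as one array value. That is easy to undo by accident, because `args: ids` (the form the second hunk replaces) supplies one parameter per element and would no longer match `ANY($1)`. A short comment above each call would keep this visible, for example `# ids is bound as ONE array parameter ($1); do not change to args: ids`. Whether the driver's array encoding handles ids containing quotes, commas, braces or backslashes is not visible on this page, so a spec that selects with such an id would be worth adding to confirm the values never reach the SQL text. The function patched in the second hunk starts outside the hunk, so any empty-`ids` handling there cannot be checked from here.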