Fix bugs in ladder prefix search

- `$prefix` needs to be initialized
- `$_REQUEST['prefix']` was misspelled as `$_REQUEST['format']`
- prefix argument in `getTop` not correctly marked as optional
- fix missing `FROM`, `AS alias`, and extraneous `)` in query
- `LIMIT` apparently can't be parameterized in MySQL?
This commit is contained in:
Guangcong Luo 2019-07-19 16:33:25 -04:00
parent 787a7998da
commit 8ca9916bdc
2 changed files with 9 additions and 8 deletions


@ -3,9 +3,10 @@
include 'lib/ntbb-ladder.lib.php';
$formatid = 'OU';
$prefix = null;
if (@$_REQUEST['format']) $formatid = $_REQUEST['format'];
if (@$_REQUEST['format']) $prefix = $_REQUEST['prefix'];
if ($_REQUEST['format'] ?? null) $formatid = $_REQUEST['format'];
if ($_REQUEST['prefix'] ?? null) $prefix = $_REQUEST['prefix'];
if (!ctype_alnum($formatid)) {
die('denied');
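Review bot: `$prefix` is forwarded to the `LIKE` pattern in `getTop` without the check `$formatid` gets on the following line, so a request can carry SQL LIKE wildcards (`%`, `_`) in it; the value is bound as a parameter, so this is not injection, but `%` alone matches every row of the subquery and the result is no longer a prefix search. Apply the same rule to it, e.g. `if ($prefix !== null && !ctype_alnum($prefix)) die('denied');` after the existing `$formatid` check, or escape the wildcards before the pattern is built. `$_REQUEST` merges GET, POST and cookie input, so a prefix supplied via cookie is accepted as well; if that is unintended, read `$_GET` explicitly. The `if (!ctype_alnum($formatid))` block continues past the end of this hunk.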


@ -206,7 +206,7 @@ class NTBBLadder {
return true;
}
function getTop($prefix) {
function getTop($prefix = null) {
global $ladderdb;
$needUpdate = true;
$top = array();
@ -228,15 +228,15 @@ class NTBBLadder {
// The ladder database can't really handle large queries which aren't indexed, so we instead perform
// an indexed query for additional rows and filter them down further. This is obviously *not* guaranteed
// to return exactly $limit results, but should be 'good enough' in practice.
$overfetch = $limit * 4;
$overfetch = $limit * 2;
$res = $ladderdb->query(
"SELECT * (SELECT * FROM `{$ladderdb->prefix}ladder` WHERE `formatid` = ? ORDER BY `elo` DESC LIMIT ?) WHERE `userid` LIKE ? LIMIT ?)",
[$this->formatid, $overfetch, "{$prefix}%", $limit]
"SELECT * FROM (SELECT * FROM `{$ladderdb->prefix}ladder` WHERE `formatid` = ? ORDER BY `elo` DESC LIMIT $overfetch) AS `unusedalias` WHERE `userid` LIKE ? LIMIT $limit",
[$this->formatid, "$prefix%"]
);
} else {
$res = $ladderdb->query(
"SELECT * FROM `{$ladderdb->prefix}ladder` WHERE `formatid` = ? ORDER BY `elo` DESC LIMIT ?",
[$this->formatid, $limit]
"SELECT * FROM `{$ladderdb->prefix}ladder` WHERE `formatid` = ? ORDER BY `elo` DESC LIMIT $limit",
[$this->formatid]
);
}
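Review bot: `$limit` and `$overfetch` are now interpolated directly into the SQL at both `LIMIT` clauses (`LIMIT $overfetch`, `LIMIT $limit`), so the statement is only safe while `$limit` is an integer at a point outside this hunk; a defensive cast removes that dependency, e.g. `$limit = (int) $limit;` just before `$overfetch = $limit * 2;`, which then stays an int too. `$ladderdb->query` is not visible here, so whether it relies on emulated prepares — the usual reason a bound `LIMIT ?` arrives as a quoted string — cannot be confirmed; if the wrapper can bind integers, parameterizing is preferable to interpolation. The `userid LIKE ?` pattern `"$prefix%"` also passes any `%`/`_` in `$prefix` through as wildcards; if a literal prefix is intended, escape them first, e.g. `addcslashes($prefix, '%_\\') . '%'`. getTop begins at the signature hunk above and its body continues past the end of this hunk.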