Use only Prepared statements for queries

AmbireTech / adex-validator-stack-rust

The Ambire AdEx Validator Stack implemented in Rust: sentry, validator worker, adapter, adview manager

https://adex.network

GNU Affero General Public License v3.0

11 stars 10 forks source link

Use only Prepared statements for queries #293

Closed elpiel closed 2 years ago

elpiel commented 4 years ago

We currently have places where we don't use prepared statements for queries. This could lead to bugs if Display and ToSql implementations for the struct are different, however this is not the case at the moment.

[x] Change all remaining queries to use prepared statement parameters

elpiel commented 3 years ago

There are places that remain which don't use parameters from a prepared statement and instead integrate the values directly into the query. This will be changed with AIP#61 as a alterations of the code in the places where this happens is needed.

Example of such place is sentry/src/db/event_aggregate.rs:

https://github.com/AdExNetwork/adex-validator-stack-rust/blob/5ed4c4330bb134afb8ce6c3878751f6a25fcb471/sentry/src/db/event_aggregate.rs#L92

elpiel commented 2 years ago

Since the development of AIP#61 #377 and the latest changes in PR #473 all queries that do not use prepared statements have been fixed or removed.