Cleanup SQL query in signalmaster

2024-06-23 18:19:12 +02:00 · 2014-10-14 19:12:12 +02:00 · 2014-10-14 19:12:12 +02:00 · d7175b70b6
commit d7175b70b6
parent 437512e5bd
1 changed files with 6 additions and 1 deletions
--- a/signalmaster/server.js
+++ b/signalmaster/server.js
@ -38,7 +38,12 @@ function safeCb(cb) {
 }

 function checkRoom(room,token,user,cb) {
-   var q = "SELECT `participant` FROM `room_participants` WHERE `participant`=" + sql.escape(user) + " AND `room_id` IN (SELECT `id` FROM `rooms` WHERE `name`=" + sql.escape(room) + " AND `token`=" + sql.escape(token) + ");";
+   var q = 'SELECT `p`.`participant` FROM ' +
+              '`room_participants` `p`, `rooms` `r` ' +
+              'WHERE `p`.`participant`=' + sql.escape(user) + 
+              '  AND `p`.`room_id`=`r`.`id` ' +
+              '  AND `r`.`name`=' + sql.escape(room) +
+              '  AND `r`.`token`=' + sql.escape(token);
   console.log('Checking if ' + user + ' is allowed to join room ' + room + ' using token ' + token);
   sql.query(q, function(err, rows, fields) {
      if (err){