Diffstat (limited to 'src/db/mod.rs')
| -rw-r--r-- | src/db/mod.rs | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/db/mod.rs b/src/db/mod.rs
index 0862883..ac0e321 100644
--- a/src/db/mod.rs
+++ b/src/db/mod.rs
@@ -22,12 +22,14 @@ pub fn connection() -> Result<PgConnection> {
pub fn find_meme<T: AsRef<str>>(conn: &PgConnection, search: T) -> Result<Meme> {
use diesel::dsl::sql;
+ use diesel::types::Text;
let search = search.as_ref();
let format_search = format!("%{}%", search);
+ // TODO: check for injection
memes::table
- .filter(memes::title.ilike(&format_search).or(sql(&format!("content ILIKE %{}%", search))))
+ .filter(memes::title.ilike(&format_search).or(sql("content ILIKE ").bind::<Text, _>(&format_search)))
.limit(1)
.first::<Meme>(conn)
.map_err(Error::from)
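Review bot: The `%`, `_` and `\` characters in `search` still reach both ILIKE operands as pattern metacharacters, because `format_search` wraps the raw input in `%…%` before it goes to `memes::title.ilike` and to the new `.bind::<Text, _>`; binding keeps the value from being parsed as SQL, but not from being interpreted as a pattern. Escaping first makes the match literal (backslash is PostgreSQL's default LIKE escape character): `let escaped = search.replace('\\', "\\\\").replace('%', "\\%").replace('_', "\\_");` followed by `let format_search = format!("%{}%", escaped);`. The same applies to `find_text` in the second hunk. The added `// TODO: check for injection` reads as if the query were still injectable; a comment stating what now holds would serve the next reader better, for example `// search is sent as a bound Text parameter; the raw sql() fragment contains no user input`. The body of `find_meme` closes outside the hunk.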
@@ -35,12 +37,14 @@ pub fn find_meme<T: AsRef<str>>(conn: &PgConnection, search: T) -> Result<Meme>
pub fn find_text<T: AsRef<str>>(conn: &PgConnection, search: T) -> Result<Meme> {
use diesel::dsl::sql;
+ use diesel::types::Text;
let search = search.as_ref();
let format_search = format!("%{}%", search);
+ // TODO: check for injection
memes::table
- .filter((memes::title.ilike(&format_search).or(sql(&format!("content ILIKE %{}%", search))))
+ .filter((memes::title.ilike(&format_search).or(sql("content ILIKE ").bind::<Text, _>(&format_search)))
.and(memes::content.is_not_null()))
.limit(1)
.first::<Meme>(conn)
