From fdf65962b9610ab0a7b8e91dc1a2d4973f44c169 Mon Sep 17 00:00:00 2001
From: Nathan Perry <avaglir@gmail.com>
Date: Sat, 7 Apr 2018 06:09:52 -0400
Subject: database-based memeing working

---
 src/db/mod.rs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src/db/mod.rs')

diff --git a/src/db/mod.rs b/src/db/mod.rs
index 0862883..ac0e321 100644
--- a/src/db/mod.rs
+++ b/src/db/mod.rs
@@ -22,12 +22,14 @@ pub fn connection() -> Result<PgConnection> {
 
 pub fn find_meme<T: AsRef<str>>(conn: &PgConnection, search: T) -> Result<Meme> {
     use diesel::dsl::sql;
+    use diesel::types::Text;
 
     let search = search.as_ref();
     let format_search = format!("%{}%", search);
 
+    // TODO: check for injection
     memes::table
-        .filter(memes::title.ilike(&format_search).or(sql(&format!("content ILIKE %{}%", search))))
+        .filter(memes::title.ilike(&format_search).or(sql("content ILIKE ").bind::<Text, _>(&format_search)))
         .limit(1)
         .first::<Meme>(conn)
         .map_err(Error::from)
@@ -35,12 +37,14 @@ pub fn find_meme<T: AsRef<str>>(conn: &PgConnection, search: T) -> Result<Meme>
 
 pub fn find_text<T: AsRef<str>>(conn: &PgConnection, search: T) -> Result<Meme> {
     use diesel::dsl::sql;
+    use diesel::types::Text;
 
     let search = search.as_ref();
     let format_search = format!("%{}%", search);
 
+    // TODO: check for injection
     memes::table
-        .filter((memes::title.ilike(&format_search).or(sql(&format!("content ILIKE %{}%", search))))
+        .filter((memes::title.ilike(&format_search).or(sql("content ILIKE ").bind::<Text, _>(&format_search)))
             .and(memes::content.is_not_null()))
         .limit(1)
         .first::<Meme>(conn)
-- 
cgit v1.3.1