Enhance change_falukant_user_money: Implement fallback to literal SQL for update_money on failure of parameterized call, improving robustness and error handling.

2025-12-08 16:28:46 +01:00
parent 450497ccd3
commit 99fbaab816
1 changed files with 24 additions and 2 deletions
--- a/src/worker/base.rs
+++ b/src/worker/base.rs
@@ -173,9 +173,31 @@ impl BaseWorker {
            uid_i32, money_str, action
        );
-        let _ = conn.execute("update_money", &[p1, p2, p3])?;
+        // Try parameterized call first
        match conn.execute("update_money", &[p1, p2, p3]) {
            Ok(_) => return Ok(()),
            Err(err) => {
                eprintln!(
                    "[BaseWorker] parameterized update_money failed: {err}, falling back to literal SQL",
                );
                // Fall back: build SQL with literals. Escape action safely (double single-quotes).
                fn escape_sql_literal(s: &str) -> String {
                    s.replace('\'', "''")
                }
-        Ok(())
+                let escaped_action = escape_sql_literal(action);
                // money_str is already a numeric literal string (e.g. "3726" or "1597.12")
                let sql = format!(
                    "SELECT falukant_data.update_money({}, {}::numeric, '{}');",
                    uid_i32, money_str, escaped_action
                );
                // Use query without parameters
                let _ = conn.query(&sql)?;
                return Ok(());
            }
        }
    }
 }