Enhance change_falukant_user_money: Implement fallback to literal SQL for update_money on failure of parameterized call, improving robustness and error handling.

2025-12-08 16:28:46 +01:00
parent 450497ccd3
commit 99fbaab816
1 changed files with 24 additions and 2 deletions
--- a/src/worker/base.rs
+++ b/src/worker/base.rs
@@ -173,9 +173,31 @@ impl BaseWorker {
            uid_i32, money_str, action
        );

-        let _ = conn.execute("update_money", &[p1, p2, p3])?;
+        // Try parameterized call first
+        match conn.execute("update_money", &[p1, p2, p3]) {
+            Ok(_) => return Ok(()),
+            Err(err) => {
+                eprintln!(
+                    "[BaseWorker] parameterized update_money failed: {err}, falling back to literal SQL",
                    
-        Ok(())
+                );
+                // Fall back: build SQL with literals. Escape action safely (double single-quotes).
+                fn escape_sql_literal(s: &str) -> String {
+                    s.replace('\'', "''")
+                }
+
+                let escaped_action = escape_sql_literal(action);
+                // money_str is already a numeric literal string (e.g. "3726" or "1597.12")
+                let sql = format!(
+                    "SELECT falukant_data.update_money({}, {}::numeric, '{}');",
+                    uid_i32, money_str, escaped_action
+                );
+
+                // Use query without parameters
+                let _ = conn.query(&sql)?;
+                return Ok(());
+            }
+        }
    }
 }