Refactor WebSocket user ID filtering and enhance SQL query security: Updated user ID handling in the WebSocket server to improve filtering logic for numeric user IDs. Implemented parameterized queries in the database operations across multiple worker files to prevent SQL injection vulnerabilities, ensuring safer data handling.

src/worker/events.rs

@@ -958,13 +958,13 @@ impl EventsWorker {
         let change = current_money * (percent_change / 100.0);
         let action = format!("Zufallsereignis: Geldänderung {:.2}%", percent_change);
 
-        // Verwende die existierende update_money Funktion
-        let escaped_action = action.replace('\'', "''");
-        let sql = format!(
-            "SELECT falukant_data.update_money({},{},'{}');",
-            user_id, change, escaped_action
-        );
-        let _ = conn.query(&sql)?;
+        // Verwende parametrisierte Queries für Sicherheit gegen SQL-Injection
+        const QUERY_UPDATE_MONEY: &str = r#"
+            SELECT falukant_data.update_money($1, $2, $3);
+        "#;
+
+        conn.prepare("update_money_event", QUERY_UPDATE_MONEY)?;
+        let _ = conn.execute("update_money_event", &[&user_id, &change, &action])?;
 
         Ok(change)
     }