rewrite sql statements to use parameter binding

2025-06-08 12:15:39 +00:00 · 2023-02-28 10:30:00 +03:00 · 2023-02-28 10:30:00 +03:00 · d39c0ea2f8
commit d39c0ea2f8
parent 151fb36276
2 changed files with 16 additions and 36 deletions
--- a/app/db/sqlite/playlists.py
+++ b/app/db/sqlite/playlists.py
@ -15,25 +15,24 @@ class SQLitePlaylistMethods:
    @staticmethod
    def insert_one_playlist(playlist: dict):
        sql = """INSERT INTO playlists(
-            artisthashes,
+        artisthashes,
-            banner_pos,
+        banner_pos,
-            has_gif,
+        has_gif,
-            image,
+        image,
-            last_updated,
+        last_updated,
-            name,
+        name,
-            trackhashes
+        trackhashes
-            ) VALUES(?,?,?,?,?,?,?)
+        ) VALUES(:artisthashes, :banner_pos, :has_gif, :image, :last_updated, :name, :trackhashes)
-            """
+        """
        playlist = OrderedDict(sorted(playlist.items()))
        params = (*playlist.values(),)
        with SQLiteManager(userdata_db=True) as cur:
-            cur.execute(sql, params)
+            cur.execute(sql, playlist)
            pid = cur.lastrowid
            params = (pid, *params)
-            return tuple_to_playlist(params)
+            p_tuple = (pid, *playlist.values())
            return tuple_to_playlist(p_tuple)
    @staticmethod
    def get_playlist_by_name(name: str):
--- a/app/db/sqlite/tracks.py
+++ b/app/db/sqlite/tracks.py
@ -4,6 +4,7 @@ interacting with the tracks table.
 """
 from collections import OrderedDict
 from sqlite3 import Cursor
 from app.db.sqlite.utils import tuple_to_track, tuples_to_tracks
@ -37,31 +38,11 @@ class SQLiteTrackMethods:
            title,
            track,
            trackhash
-            ) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)
+            ) VALUES(:album, :albumartist, :albumhash, :artist, :bitrate, :copyright, :date, :disc, :duration, :filepath, :folder, :genre, :title, :track, :trackhash)
            """
-        cur.execute(
+        track = OrderedDict(sorted(track.items()))
-            sql,
+        cur.execute(sql, track)
            (
                track["album"],
                track["albumartist"],
                track["albumhash"],
                track["artist"],
                track["bitrate"],
                track["copyright"],
                track["date"],
                track["disc"],
                track["duration"],
                track["filepath"],
                track["folder"],
                track["genre"],
                track["title"],
                track["track"],
                track["trackhash"],
            ),
        )
        # TODO: rewrite the above code using an ordered dict and destructuring
    @classmethod
    def insert_many_tracks(cls, tracks: list[dict]):