From 44c2eafcbe3ac862036bf80b80dd8dc47954e37e Mon Sep 17 00:00:00 2001
From: Dan Hemberger <daniel.hemberger@gmail.com>
Date: Thu, 29 Mar 2018 22:51:37 -0700
Subject: [PATCH 1/4] AbstractSmrAccount: add SQL member

Adding a SQL member visually simplifies a lot of queries and
reduces the number of times we call `escapeNumber`, which is
a non-trivial expense when called as many times as it is.
---
 lib/Default/AbstractSmrAccount.class.inc | 58 ++++++++++--------------
 1 file changed, 24 insertions(+), 34 deletions(-)

diff --git a/lib/Default/AbstractSmrAccount.class.inc b/lib/Default/AbstractSmrAccount.class.inc
index e354e4aa1..0de091c67 100644
--- a/lib/Default/AbstractSmrAccount.class.inc
+++ b/lib/Default/AbstractSmrAccount.class.inc
@@ -73,6 +73,7 @@ abstract class AbstractSmrAccount {
 	protected $friendlyColour;
 	protected $neutralColour;
 	protected $enemyColour;
+	protected $SQL;
 
 	protected $npc;
 
@@ -181,7 +182,8 @@ abstract class AbstractSmrAccount {
 
 	function __construct($accountID) {
 		$this->db = new SmrMySqlDatabase();
-		$this->db->query('SELECT * FROM account WHERE account_id = '.$this->db->escapeNumber($accountID).' LIMIT 1');
+		$this->SQL = 'account_id = ' . $this->db->escapeNumber($accountID);
+		$this->db->query('SELECT * FROM account WHERE '.$this->SQL.' LIMIT 1');
 
 		if ($this->db->nextRecord()) {
 			$row = $this->db->getRow();
@@ -251,7 +253,7 @@ abstract class AbstractSmrAccount {
 
 	public function isDisabled() {
 		$this->db->query('SELECT * FROM account_is_closed JOIN closing_reason USING(reason_id) ' .
-			'WHERE account_id = '.$this->db->escapeNumber($this->account_id).' LIMIT 1');
+			'WHERE '.$this->SQL.' LIMIT 1');
 		if ($this->db->nextRecord()) {
 			// get the expire time
 			$expireTime = $this->db->getInt('expires');
@@ -273,7 +275,7 @@ abstract class AbstractSmrAccount {
 	}
 
 	public function isSmsBlacklisted() {
-		$this->db->query('SELECT reason FROM account_sms_blacklist WHERE account_id = ' . $this->db->escapeNumber($this->account_id) . ' LIMIT 1');
+		$this->db->query('SELECT reason FROM account_sms_blacklist WHERE ' . $this->SQL . ' LIMIT 1');
 		if ($this->db->nextRecord())
 			return $this->db->getField('reason');
 		else
@@ -308,7 +310,7 @@ abstract class AbstractSmrAccount {
 			', friendly_colour = ' . $this->db->escapeString($this->friendlyColour, true, true).
 			', neutral_colour = ' . $this->db->escapeString($this->neutralColour, true, true).
 			', enemy_colour = ' . $this->db->escapeString($this->enemyColour, true, true).
-			' WHERE account_id = '.$this->db->escapeNumber($this->account_id).' LIMIT 1');
+			' WHERE '.$this->SQL.' LIMIT 1');
 		$this->hasChanged = false;
 	}
 
@@ -318,14 +320,13 @@ abstract class AbstractSmrAccount {
 
 		// more than 50 elements in it?
 
-		$this->db->query('SELECT account_id,time,ip FROM account_has_ip WHERE account_id = '.$this->db->escapeNumber($this->account_id).' ORDER BY time ASC');
+		$this->db->query('SELECT time,ip FROM account_has_ip WHERE '.$this->SQL.' ORDER BY time ASC');
 		if ($this->db->getNumRows() > 50 && $this->db->nextRecord()) {
-			$delete_id = $this->db->getField('account_id');
 			$delete_time = $this->db->getField('time');
 			$delete_ip = $this->db->getField('ip');
 
 			$this->db->query('DELETE FROM account_has_ip
-				WHERE account_id = '.$this->db->escapeNumber($delete_id).' AND
+				WHERE '.$this->SQL.' AND
 				time = '.$this->db->escapeNumber($delete_time).' AND
 				ip = '.$this->db->escapeString($delete_ip));
 		}
@@ -388,7 +389,7 @@ abstract class AbstractSmrAccount {
 	protected function getHOFData() {
 		if(!isset($this->HOF)) {
 			//Get Player HOF
-			$this->db->query('SELECT type,sum(amount) as amount FROM player_hof WHERE account_id=' . $this->db->escapeNumber($this->getAccountID()).' AND game_id IN (SELECT game_id FROM game WHERE ignore_stats = '.$this->db->escapeBoolean(false).') GROUP BY type');
+			$this->db->query('SELECT type,sum(amount) as amount FROM player_hof WHERE ' . $this->SQL . ' AND game_id IN (SELECT game_id FROM game WHERE ignore_stats = \'FALSE\') GROUP BY type');
 			$this->HOF = array();
 			while($this->db->nextRecord()) {
 				$hof =& $this->HOF;
@@ -498,7 +499,7 @@ abstract class AbstractSmrAccount {
 		if(!isset($this->credits)||!isset($this->rewardCredits)) {
 			$this->credits = 0;
 			$this->rewardCredits = 0;
-			$this->db->query('SELECT * FROM account_has_credits WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+			$this->db->query('SELECT * FROM account_has_credits WHERE '.$this->SQL.' LIMIT 1');
 			if ($this->db->nextRecord()) {
 				$this->credits = $this->db->getInt('credits_left');
 				$this->rewardCredits = $this->db->getInt('reward_credits');
@@ -528,7 +529,7 @@ abstract class AbstractSmrAccount {
 		if($this->credits==0&&$this->rewardCredits==0)
 			$this->db->query('REPLACE INTO account_has_credits (account_id, credits_left, reward_credits) VALUES('.$this->db->escapeNumber($this->getAccountID()).', '.$this->db->escapeNumber($credits).','.$this->db->escapeNumber($rewardCredits).')');
 		else
-			$this->db->query('UPDATE account_has_credits SET credits_left='.$this->db->escapeNumber($credits).', reward_credits='.$this->db->escapeNumber($rewardCredits).' WHERE account_id='.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+			$this->db->query('UPDATE account_has_credits SET credits_left='.$this->db->escapeNumber($credits).', reward_credits='.$this->db->escapeNumber($rewardCredits).' WHERE '.$this->SQL.' LIMIT 1');
 		$this->credits=$credits;
 		$this->rewardCredits=$rewardCredits;
 	}
@@ -549,7 +550,7 @@ abstract class AbstractSmrAccount {
 		if($this->credits==0&&$this->rewardCredits==0)
 			$this->db->query('REPLACE INTO account_has_credits (account_id, credits_left) VALUES('.$this->db->escapeNumber($this->getAccountID()).', '.$this->db->escapeNumber($credits).')');
 		else
-			$this->db->query('UPDATE account_has_credits SET credits_left='.$this->db->escapeNumber($credits).' WHERE account_id='.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+			$this->db->query('UPDATE account_has_credits SET credits_left='.$this->db->escapeNumber($credits).' WHERE '.$this->SQL.' LIMIT 1');
 		$this->credits=$credits;
 	}
 
@@ -577,7 +578,7 @@ abstract class AbstractSmrAccount {
 		if($this->credits==0&&$this->rewardCredits==0)
 			$this->db->query('REPLACE INTO account_has_credits (account_id, reward_credits) VALUES('.$this->db->escapeNumber($this->getAccountID()).', '.$this->db->escapeNumber($credits).')');
 		else
-			$this->db->query('UPDATE account_has_credits SET reward_credits='.$this->db->escapeNumber($credits).' WHERE account_id='.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+			$this->db->query('UPDATE account_has_credits SET reward_credits='.$this->db->escapeNumber($credits).' WHERE '.$this->SQL.' LIMIT 1');
 		$this->rewardCredits=$credits;
 	}
 
@@ -666,13 +667,6 @@ abstract class AbstractSmrAccount {
 					$db2->query('INSERT INTO account_donated (account_id, time, amount) VALUES ('.$db2->escapeNumber($this->getAccountID()).', ' . $db2->escapeNumber($db->getInt('time')) . ' , '.$db2->escapeNumber($db->getInt('amount')).')');
 
 
-//				$db = new $databaseClassName();
-//				$db->query('SELECT permission_id FROM account_has_permission ' .
-//						'WHERE account_id = '.$db->escapeNumber($accountID));
-//				$db2 = new SmrMySqlDatabase();
-//				while($db->nextRecord())
-//					$db2->query('INSERT IGNORE INTO account_has_permission (account_id, permission_id) VALUES ('.$db2->escapeNumber($this->getAccountID()).', ' . $db2->escapeNumber($db->getInt('permission_id')).')');
-
 				//Warning: Column name should be escaped somehow.
 				$this->db->query('UPDATE account SET `'.$databaseInfo['Column'].'` = ' . $this->db->escapeNumber($accountID) . ' WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
 				$this->increaseSmrCredits($credits);
@@ -811,7 +805,7 @@ abstract class AbstractSmrAccount {
 			return;
 		if(!in_array($template,array_keys(Globals::getAvailableTemplates())))
 			throw new Exception('Template not allowed: '.$template);
-		$this->db->query('UPDATE account SET template = ' . $this->db->escapeString($template) . ' WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+		$this->db->query('UPDATE account SET template = ' . $this->db->escapeString($template) . ' WHERE '.$this->SQL.' LIMIT 1');
 		$this->template = $template;
 		$colourSchemes = Globals::getAvailableColourSchemes($template);
 		$this->setColourScheme($colourSchemes[0]);
@@ -1121,9 +1115,7 @@ abstract class AbstractSmrAccount {
 	public function getPermissions() {
 		if(!isset($this->permissions)) {
 			$this->permissions = array();
-			$this->db->query('SELECT permission_id
-						FROM account_has_permission
-						WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()));
+			$this->db->query('SELECT permission_id FROM account_has_permission WHERE ' . $this->SQL);
 			while($this->db->nextRecord()) {
 				$this->permissions[$this->db->getInt('permission_id')] = true;
 			}
@@ -1143,7 +1135,7 @@ abstract class AbstractSmrAccount {
 		if(!isset($this->points)) {
 			$this->points=0;
 			$this->db->lockTable('account_has_points');
-			$this->db->query('SELECT * FROM account_has_points WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+			$this->db->query('SELECT * FROM account_has_points WHERE '.$this->SQL.' LIMIT 1');
 			if($this->db->nextRecord()) {
 				$this->points=$this->db->getInt('points');
 				$lastUpdate = $this->db->getInt('last_update');
@@ -1169,9 +1161,9 @@ abstract class AbstractSmrAccount {
 		if ($this->points==0)
 			$this->db->query('INSERT INTO account_has_points (account_id, points, last_update) VALUES ('.$this->db->escapeNumber($this->getAccountID()).', '.$this->db->escapeNumber($numPoints).', '.$this->db->escapeNumber($lastUpdate?$lastUpdate:TIME).')');
 		else if($numPoints<=0)
-			$this->db->query('DELETE FROM account_has_points WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+			$this->db->query('DELETE FROM account_has_points WHERE '.$this->SQL.' LIMIT 1');
 		else
-			$this->db->query('UPDATE account_has_points SET points = '.$this->db->escapeNumber($numPoints).($lastUpdate ? ', last_update = '.$this->db->escapeNumber(TIME) : '').' WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+			$this->db->query('UPDATE account_has_points SET points = '.$this->db->escapeNumber($numPoints).($lastUpdate ? ', last_update = '.$this->db->escapeNumber(TIME) : '').' WHERE '.$this->SQL.' LIMIT 1');
 		$this->points=$numPoints;
 	}
 
@@ -1245,19 +1237,19 @@ abstract class AbstractSmrAccount {
 					(account_id, reason_id, suspicion, expires)
 					VALUES('.$this->db->escapeNumber($this->getAccountID()).', '.$this->db->escapeNumber($reasonID).', '.$this->db->escapeString($suspicion).', '.$this->db->escapeNumber($expireTime).')');
 		$this->db->lockTable('active_session');
-		$this->db->query('DELETE FROM active_session WHERE account_id = '.$this->db->escapeNumber($this->getAccountID()).' LIMIT 1');
+		$this->db->query('DELETE FROM active_session WHERE '.$this->SQL.' LIMIT 1');
 		$this->db->unlock();
 
 		$this->db->query('INSERT INTO account_has_closing_history
 						(account_id, time, admin_id, action)
 						VALUES(' . $this->db->escapeNumber($this->getAccountID()) . ', ' . $this->db->escapeNumber(TIME) . ', ' . $this->db->escapeNumber($admin->getAccountID()) . ', ' . $this->db->escapeString('Closed') . ');');
 		$this->db->query('UPDATE player SET newbie_turns = 1
-						WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()) . '
+						WHERE ' . $this->SQL . '
 						AND newbie_turns = 0
 						AND land_on_planet = ' . $this->db->escapeBoolean(false));
 
 		$this->db->query('SELECT game_id FROM game JOIN player USING (game_id)
-						WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()) . '
+						WHERE ' . $this->SQL . '
 						AND end_date >= ' . $this->db->escapeNumber(TIME));
 		while ($this->db->nextRecord()) {
 			$player =& SmrPlayer::getPlayer($this->getAccountID(), $this->db->getInt('game_id'));
@@ -1266,20 +1258,18 @@ abstract class AbstractSmrAccount {
 		}
 		$this->log(LOG_TYPE_ACCOUNT_CHANGES, 'Account closed by ' . $admin->getLogin() . '.');
 		if($removeExceptions!==false)
-			$this->db->query('DELETE FROM account_exceptions WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()));
+			$this->db->query('DELETE FROM account_exceptions WHERE ' . $this->SQL);
 	}
 
 	public function unbanAccount(SmrAccount &$admin = null,$currException=false) {
 		$adminID = 0;
 		if($admin!==null)
 			$adminID = $admin->getAccountID();
-		$this->db->query('DELETE FROM account_is_closed
-					 	WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()) . ' LIMIT 1');
+		$this->db->query('DELETE FROM account_is_closed WHERE ' . $this->SQL . ' LIMIT 1');
 		$this->db->query('INSERT INTO account_has_closing_history
 						(account_id, time, admin_id, action)
 						VALUES(' . $this->db->escapeNumber($this->getAccountID()) . ', ' . $this->db->escapeNumber(TIME) . ', ' . $this->db->escapeNumber($adminID) . ', ' . $this->db->escapeString('Opened') . ')');
-		$this->db->query('UPDATE player SET last_turn_update = GREATEST(' . $this->db->escapeNumber(TIME) . ', last_turn_update)
-							WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()));
+		$this->db->query('UPDATE player SET last_turn_update = GREATEST(' . $this->db->escapeNumber(TIME) . ', last_turn_update) WHERE ' . $this->SQL);
 		if($admin!==null)
 			$this->log(LOG_TYPE_ACCOUNT_CHANGES, 'Account reopened by ' . $admin->getLogin() . '.');
 		else

From a10feff746621bf0455ee53f273afb522fbcf8fa Mon Sep 17 00:00:00 2001
From: Dan Hemberger <daniel.hemberger@gmail.com>
Date: Thu, 29 Mar 2018 23:00:25 -0700
Subject: [PATCH 2/4] AbstractSmrPlayer: use SQL member

The SQL member is defined in `SmrPlayer`, but we use it here
because it is already in use. Methods using it should probably
be moved out of the base class.
---
 lib/Default/AbstractSmrPlayer.class.inc | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/lib/Default/AbstractSmrPlayer.class.inc b/lib/Default/AbstractSmrPlayer.class.inc
index 9b2c8efe6..554faacd0 100644
--- a/lib/Default/AbstractSmrPlayer.class.inc
+++ b/lib/Default/AbstractSmrPlayer.class.inc
@@ -167,7 +167,7 @@ abstract class AbstractSmrPlayer {
 	public function isDraftLeader() {
 		if(!isset($this->draftLeader)) {
 			$this->draftLeader = false;
-			$this->db->query('SELECT 1 FROM draft_leaders WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' AND account_id = ' . $this->db->escapeNumber($this->getAccountID()) . ' LIMIT 1');
+			$this->db->query('SELECT 1 FROM draft_leaders WHERE ' . $this->SQL . ' LIMIT 1');
 			if ($this->db->nextRecord()) {
 				$this->draftLeader = true;
 			}
@@ -178,7 +178,7 @@ abstract class AbstractSmrPlayer {
 	public function getGPWriter() {
 		if(!isset($this->gpWriter)) {
 			$this->gpWriter = false;
-			$this->db->query('SELECT position FROM galactic_post_writer WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' AND account_id = ' . $this->db->escapeNumber($this->getAccountID()));
+			$this->db->query('SELECT position FROM galactic_post_writer WHERE ' . $this->SQL);
 			if ($this->db->nextRecord()) {
 				$this->gpWriter = $this->db->getField('position');
 			}
@@ -229,9 +229,7 @@ abstract class AbstractSmrPlayer {
 				$this->canFed[$raceID2] = $this->getRelation($raceID2) >= ALIGN_FED_PROTECTION;
 			}
 			$this->db->query('SELECT race_id, allowed FROM player_can_fed
-								WHERE account_id = ' . $this->db->escapeNumber($this->getAccountID()) . '
-									AND game_id = ' . $this->db->escapeNumber($this->getGameID()) . '
-									AND expiry > ' . $this->db->escapeNumber(TIME) . ';');
+								WHERE ' . $this->SQL . ' AND expiry > ' . $this->db->escapeNumber(TIME));
 			while($this->db->nextRecord()) {
 				$this->canFed[$this->db->getInt('race_id')] = $this->db->getBoolean('allowed');
 			}
@@ -559,8 +557,7 @@ abstract class AbstractSmrPlayer {
 			$this->allianceRoles[$allianceID] = 0;
 			$this->db->query('SELECT role_id
 						FROM player_has_alliance_role
-						WHERE account_id=' . $this->db->escapeNumber($this->getAccountID()) . '
-						AND game_id=' . $this->db->escapeNumber($this->getGameID()) . '
+						WHERE ' . $this->SQL . '
 						AND alliance_id=' . $this->db->escapeNumber($allianceID) . '
 						LIMIT 1');
 			if ($this->db->nextRecord()) {

From 43cfd3b7e6949696025763ec16dfb1f3ee277fb4 Mon Sep 17 00:00:00 2001
From: Dan Hemberger <daniel.hemberger@gmail.com>
Date: Thu, 29 Mar 2018 23:54:51 -0700
Subject: [PATCH 3/4] SmrLocation: add SQL member

Adding a SQL member visually simplifies a lot of queries and
reduces the number of times we call `escapeNumber`, which is
a non-trivial expense when called as many times as it is.
---
 lib/Default/SmrLocation.class.inc | 45 +++++++++++++++----------------
 1 file changed, 22 insertions(+), 23 deletions(-)

diff --git a/lib/Default/SmrLocation.class.inc b/lib/Default/SmrLocation.class.inc
index 49b1425ac..9db155934 100644
--- a/lib/Default/SmrLocation.class.inc
+++ b/lib/Default/SmrLocation.class.inc
@@ -5,6 +5,7 @@ class SmrLocation {
 	protected static $CACHE_SECTOR_LOCATIONS = array();
 	
 	protected $db;
+	protected $SQL;
 	
 	protected $typeID;
 	protected $name;
@@ -39,10 +40,8 @@ class SmrLocation {
 			$db = new SmrMySqlDatabase();
 			$db->query('SELECT location_type_id FROM location WHERE sector_id = ' . $db->escapeNumber($sectorID) . ' AND game_id=' . $db->escapeNumber($gameID));
 			$locations = array();
-			$i=0;
 			while($db->nextRecord()) {
-				$locations[$i] = self::getLocation($db->getField('location_type_id'));
-				$i++;
+				$locations[] = self::getLocation($db->getField('location_type_id'));
 			}
 			self::$CACHE_SECTOR_LOCATIONS[$gameID][$sectorID] = $locations;
 		}
@@ -51,15 +50,15 @@ class SmrLocation {
 	
 	public static function &getLocation($locationTypeID,$forceUpdate = false) {
 		if($forceUpdate || !isset(self::$CACHE_LOCATIONS[$locationTypeID])) {
-			$p = new SmrLocation($locationTypeID);
-			self::$CACHE_LOCATIONS[$locationTypeID] = $p;
+			self::$CACHE_LOCATIONS[$locationTypeID] = new SmrLocation($locationTypeID);
 		}
 		return self::$CACHE_LOCATIONS[$locationTypeID];
 	}
 	
 	protected function __construct($locationTypeID) {
 		$this->db = new SmrMySqlDatabase();
-		$this->db->query('SELECT location_type_id,location_name,location_processor,location_image FROM location_type WHERE location_type_id = ' . $this->db->escapeNumber($locationTypeID) . ' LIMIT 1');
+		$this->SQL = 'location_type_id = ' . $this->db->escapeNumber($locationTypeID);
+		$this->db->query('SELECT location_type_id,location_name,location_processor,location_image FROM location_type WHERE ' . $this->SQL . ' LIMIT 1');
 		
 		if($this->db->nextRecord()) {
 			$this->typeID = $this->db->getField('location_type_id');
@@ -96,7 +95,7 @@ class SmrLocation {
 			return;
 		}
 		$this->name = $name;
-		$this->db->query('UPDATE location_type SET location_name=' . $this->db->escapeString($this->name) . ' WHERE location_type_id=' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+		$this->db->query('UPDATE location_type SET location_name=' . $this->db->escapeString($this->name) . ' WHERE ' . $this->SQL . ' LIMIT 1');
 	}
 	
 	public function hasAction() {
@@ -113,7 +112,7 @@ class SmrLocation {
 	
 	public function isFed() {
 		if(!isset($this->fed)) {
-			$this->db->query('SELECT * FROM location_is_fed WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+			$this->db->query('SELECT * FROM location_is_fed WHERE ' . $this->SQL . ' LIMIT 1');
 			$this->fed = $this->db->nextRecord();
 		}
 		return $this->fed;
@@ -128,14 +127,14 @@ class SmrLocation {
 			$this->fed = true;
 		}
 		else if($bool===false) {
-			$this->db->query('DELETE FROM location_is_fed WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+			$this->db->query('DELETE FROM location_is_fed WHERE ' . $this->SQL . ' LIMIT 1');
 			$this->fed = false;
 		}
 	}
 	
 	public function isBank() {
 		if(!isset($this->bank)) {
-			$this->db->query('SELECT * FROM location_is_bank WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+			$this->db->query('SELECT * FROM location_is_bank WHERE ' . $this->SQL . ' LIMIT 1');
 			$this->bank = $this->db->nextRecord();
 		}
 		return $this->bank;
@@ -149,14 +148,14 @@ class SmrLocation {
 			$this->bank = true;
 		}
 		else if($bool===false) {
-			$this->db->query('DELETE FROM location_is_bank WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+			$this->db->query('DELETE FROM location_is_bank WHERE ' . $this->SQL . ' LIMIT 1');
 			$this->bank = false;
 		}
 	}
 	
 	public function isBar() {
 		if(!isset($this->bar)) {
-			$this->db->query('SELECT * FROM location_is_bar WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+			$this->db->query('SELECT * FROM location_is_bar WHERE ' . $this->SQL . ' LIMIT 1');
 			$this->bar = $this->db->nextRecord();
 		}
 		return $this->bar;
@@ -170,14 +169,14 @@ class SmrLocation {
 			$this->bar = true;
 		}
 		else if($bool===false) {
-			$this->db->query('DELETE FROM location_is_bar WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+			$this->db->query('DELETE FROM location_is_bar WHERE ' . $this->SQL . ' LIMIT 1');
 			$this->bar = false;
 		}
 	}
 	
 	public function isHQ() {
 		if(!isset($this->HQ)) {
-			$this->db->query('SELECT * FROM location_is_hq WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+			$this->db->query('SELECT * FROM location_is_hq WHERE ' . $this->SQL . ' LIMIT 1');
 			$this->HQ = $this->db->nextRecord();
 		}
 		return $this->HQ;
@@ -191,14 +190,14 @@ class SmrLocation {
 			$this->HQ = true;
 		}
 		else if($bool===false) {
-			$this->db->query('DELETE FROM location_is_hq WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+			$this->db->query('DELETE FROM location_is_hq WHERE ' . $this->SQL . ' LIMIT 1');
 			$this->HQ = false;
 		}
 	}
 	
 	public function isUG() {
 		if(!isset($this->UG)) {
-			$this->db->query('SELECT * FROM location_is_ug WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+			$this->db->query('SELECT * FROM location_is_ug WHERE ' . $this->SQL . ' LIMIT 1');
 			$this->UG = $this->db->nextRecord();
 		}
 		return $this->UG;
@@ -212,7 +211,7 @@ class SmrLocation {
 			$this->UG = true;
 		}
 		else if($bool===false) {
-			$this->db->query('DELETE FROM location_is_ug WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' LIMIT 1');
+			$this->db->query('DELETE FROM location_is_ug WHERE ' . $this->SQL . ' LIMIT 1');
 			$this->UG = false;
 		}
 	}
@@ -220,7 +219,7 @@ class SmrLocation {
 	public function &getHardwareSold() {
 		if(!isset($this->hardwareSold)) {
 			$this->hardwareSold = array();
-			$this->db->query('SELECT hardware_type_id FROM location_sells_hardware WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()));
+			$this->db->query('SELECT hardware_type_id FROM location_sells_hardware WHERE ' . $this->SQL);
 			while($this->db->nextRecord()) {
 				$this->hardwareSold[$this->db->getInt('hardware_type_id')] = Globals::getHardwareTypes($this->db->getInt('hardware_type_id'));
 			}
@@ -249,7 +248,7 @@ class SmrLocation {
 	public function removeHardwareSold($hardwareTypeID) {
 		if(!$this->isHardwareSold($hardwareTypeID))
 			return;
-		$this->db->query('DELETE FROM location_sells_hardware WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' AND hardware_type_id = ' . $this->db->escapeNumber($hardwareTypeID) . ' LIMIT 1');
+		$this->db->query('DELETE FROM location_sells_hardware WHERE ' . $this->SQL . ' AND hardware_type_id = ' . $this->db->escapeNumber($hardwareTypeID) . ' LIMIT 1');
 		unset($this->hardwareSold[$hardwareTypeID]);
 	}
 	
@@ -257,7 +256,7 @@ class SmrLocation {
 		if(!isset($this->shipsSold)) {
 			require_once(get_file_loc('AbstractSmrShip.class.inc'));
 			$this->shipsSold = array();
-			$this->db->query('SELECT * FROM location_sells_ships WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()));
+			$this->db->query('SELECT * FROM location_sells_ships WHERE ' . $this->SQL);
 			while($this->db->nextRecord()) {
 				$this->shipsSold[$this->db->getInt('ship_type_id')] = AbstractSmrShip::getBaseShip(Globals::getGameType(SmrSession::$game_id), $this->db->getInt('ship_type_id'));
 			}
@@ -286,7 +285,7 @@ class SmrLocation {
 	public function removeShipSold($shipTypeID) {
 		if(!$this->isShipSold($shipTypeID))
 			return;
-		$this->db->query('DELETE FROM location_sells_ships WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' AND ship_type_id = ' . $this->db->escapeNumber($shipTypeID) . ' LIMIT 1');
+		$this->db->query('DELETE FROM location_sells_ships WHERE ' . $this->SQL . ' AND ship_type_id = ' . $this->db->escapeNumber($shipTypeID) . ' LIMIT 1');
 		unset($this->shipsSold[$shipTypeID]);
 	}
 	
@@ -294,7 +293,7 @@ class SmrLocation {
 		if(!isset($this->weaponsSold)) {
 			require_once(get_file_loc('SmrWeapon.class.inc'));
 			$this->weaponsSold = array();
-			$this->db->query('SELECT * FROM location_sells_weapons WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()));
+			$this->db->query('SELECT * FROM location_sells_weapons WHERE ' . $this->SQL);
 			while($this->db->nextRecord())
 				$this->weaponsSold[$this->db->getInt('weapon_type_id')] = SmrWeapon::getWeapon(Globals::getGameType(SmrSession::$game_id),$this->db->getInt('weapon_type_id'));
 		}
@@ -322,7 +321,7 @@ class SmrLocation {
 	public function removeWeaponSold($weaponTypeID) {
 		if(!$this->isWeaponSold($weaponTypeID))
 			return;
-		$this->db->query('DELETE FROM location_sells_weapons WHERE location_type_id = ' . $this->db->escapeNumber($this->getTypeID()) . ' AND weapon_type_id = ' . $this->db->escapeNumber($weaponTypeID) . ' LIMIT 1');
+		$this->db->query('DELETE FROM location_sells_weapons WHERE ' . $this->SQL . ' AND weapon_type_id = ' . $this->db->escapeNumber($weaponTypeID) . ' LIMIT 1');
 		unset($this->weaponsSold[$weaponTypeID]);
 	}
 	

From 7e4791e7162332bdd4c6a2e497d2f1062da9ddde Mon Sep 17 00:00:00 2001
From: Dan Hemberger <daniel.hemberger@gmail.com>
Date: Fri, 30 Mar 2018 00:30:58 -0700
Subject: [PATCH 4/4] SmrPlanet: add SQL member

Adding a SQL member visually simplifies a lot of queries and
reduces the number of times we call `escapeNumber`, which is
a non-trivial expense when called as many times as it is.
---
 lib/Default/SmrPlanet.class.inc | 38 ++++++++++++---------------------
 1 file changed, 14 insertions(+), 24 deletions(-)

diff --git a/lib/Default/SmrPlanet.class.inc b/lib/Default/SmrPlanet.class.inc
index feda4801f..3b7110c24 100644
--- a/lib/Default/SmrPlanet.class.inc
+++ b/lib/Default/SmrPlanet.class.inc
@@ -11,6 +11,7 @@ class SmrPlanet {
 	protected $maxBuildings;
 
 	protected $db;
+	protected $SQL;
 
 	protected $sectorID;
 	protected $gameID;
@@ -112,8 +113,9 @@ class SmrPlanet {
 
 	protected function __construct($gameID,$sectorID,$create=false) {
 		$this->db = new SmrMySqlDatabase();
+		$this->SQL = 'game_id = ' . $this->db->escapeNumber($gameID) . ' AND sector_id = ' . $this->db->escapeNumber($sectorID);
 
-		$this->db->query('SELECT * FROM planet WHERE game_id = ' . $this->db->escapeNumber($gameID) . ' AND sector_id = ' . $this->db->escapeNumber($sectorID));
+		$this->db->query('SELECT * FROM planet WHERE ' . $this->SQL);
 		if ($this->db->nextRecord()) {
 			$this->sectorID			= $this->db->getInt('sector_id');
 			$this->gameID			= $this->db->getInt('game_id');
@@ -515,7 +517,7 @@ class SmrPlanet {
 			// initialize cargo array
 			$this->stockpile = array();
 			// get supplies from db
-			$this->db->query('SELECT good_id, amount FROM planet_has_cargo WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()));
+			$this->db->query('SELECT good_id, amount FROM planet_has_cargo WHERE ' . $this->SQL);
 			// adding cargo and amount to array
 			while ($this->db->nextRecord())
 				$this->stockpile[$this->db->getInt('good_id')] = $this->db->getInt('amount');
@@ -565,7 +567,7 @@ class SmrPlanet {
 			$this->buildings = array();
 
 			// get buildingss from db
-			$this->db->query('SELECT construction_id, amount FROM planet_has_building WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()));
+			$this->db->query('SELECT construction_id, amount FROM planet_has_building WHERE ' . $this->SQL);
 			// adding building and amount to array
 			while ($this->db->nextRecord()) {
 				$this->buildings[$this->db->getInt('construction_id')] = $this->db->getInt('amount');
@@ -617,12 +619,7 @@ class SmrPlanet {
 		if(!isset($this->currentlyBuilding)) {
 			$this->currentlyBuilding = array();
 
-			$this->db->query('
-				SELECT * 
-				FROM planet_is_building 
-				WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' 
-				AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()));
-			
+			$this->db->query('SELECT * FROM planet_is_building WHERE ' . $this->SQL);
 			while($this->db->nextRecord()) {
 				if($this->db->getInt('time_complete') <= TIME) {
 					$expGain = $this->getConstructionExp($this->db->getInt('construction_id'));
@@ -677,8 +674,7 @@ class SmrPlanet {
 	
 	public function setTypeID($num) {
 		$this->typeID = $num;
-		$this->db->query('UPDATE planet SET planet_type_id = '.$this->db->escapeNumber($num).' WHERE game_id = ' . $this->getGameID()
-			. ' AND sector_id = '.$this->getSectorID());
+		$this->db->query('UPDATE planet SET planet_type_id = '.$this->db->escapeNumber($num).' WHERE '.$this->SQL);
 			
 		//this will allow get to load new set from db
 		unset($this->canOptions);
@@ -807,8 +803,7 @@ class SmrPlanet {
 									credits = ' . $this->db->escapeNumber($this->credits) . ',
 									bonds = ' . $this->db->escapeNumber($this->bonds) . ',
 									maturity = ' . $this->db->escapeNumber($this->maturity) . '
-								WHERE game_id = ' . $this->db->escapeNumber($this->gameID) . '
-									AND sector_id = ' . $this->db->escapeNumber($this->sectorID));
+								WHERE ' . $this->SQL);
 			$this->hasChanged = false;
 		}
 
@@ -820,8 +815,7 @@ class SmrPlanet {
 										 'VALUES(' . $this->db->escapeNumber($this->getGameID()) . ', ' . $this->db->escapeNumber($this->getSectorID()) . ', ' . $this->db->escapeNumber($id) . ', ' . $this->db->escapeNumber($amount) . ')');
 				}
 				else {
-					$this->db->query('DELETE FROM planet_has_cargo WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . '
-										AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()) . '
+					$this->db->query('DELETE FROM planet_has_cargo WHERE ' . $this->SQL . '
 										AND good_id = ' . $this->db->escapeNumber($id));
 				}
 			}
@@ -829,9 +823,7 @@ class SmrPlanet {
 
 
 		if(count($this->hasStoppedBuilding)>0) {
-			$this->db->query('DELETE FROM planet_is_building
-							WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . '
-								AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()) . '
+			$this->db->query('DELETE FROM planet_is_building WHERE ' . $this->SQL . '
 								AND building_slot_id IN (' . $this->db->escapeArray($this->hasStoppedBuilding) . ') LIMIT ' . count($this->hasStoppedBuilding));
 			$this->hasStoppedBuilding = array();
 		}
@@ -843,9 +835,7 @@ class SmrPlanet {
 										'VALUES(' . $this->db->escapeNumber($this->gameID) . ', ' . $this->db->escapeNumber($this->sectorID) . ', ' . $this->db->escapeNumber($id) . ', ' . $this->db->escapeNumber($this->getBuilding($id)) . ')');
 				}
 				else {
-					$this->db->query('DELETE FROM planet_has_building
-									WHERE game_id = ' . $this->db->escapeNumber($this->gameID) . '
-										AND sector_id = ' . $this->db->escapeNumber($this->sectorID) . '
+					$this->db->query('DELETE FROM planet_has_building WHERE ' . $this->SQL . '
 										AND construction_id = ' . $this->db->escapeNumber($id));
 				}
 				$this->hasChangedBuildings[$id] = false;
@@ -1272,13 +1262,13 @@ class SmrPlanet {
 
 	public function creditCurrentAttackersForKill() {
 		//get all players involved for HoF
-		$this->db->query('SELECT account_id,level FROM player_attacks_planet WHERE game_id = ' . $this->db->escapeNumber($this->getGameID()) . ' AND sector_id = ' . $this->db->escapeNumber($this->getSectorID()) . ' AND time > ' . $this->db->escapeNumber(TIME - self::TIME_TO_CREDIT_BUST));
+		$this->db->query('SELECT account_id,level FROM player_attacks_planet WHERE ' . $this->SQL . ' AND time > ' . $this->db->escapeNumber(TIME - self::TIME_TO_CREDIT_BUST));
 		while ($this->db->nextRecord()) {
 			$currPlayer = SmrPlayer::getPlayer($this->db->getInt('account_id'),$this->getGameID());
 			$currPlayer->increaseHOF($this->db->getInt('level'),array('Combat','Planet','Levels'), HOF_PUBLIC);
 			$currPlayer->increaseHOF(1,array('Combat','Planet','Completed'), HOF_PUBLIC);
 		}
-		$this->db->query('DELETE FROM player_attacks_planet WHERE sector_id = ' . $this->db->escapeNumber($this->getSectorID()) . ' AND game_id = ' . $this->db->escapeNumber($this->getGameID()));
+		$this->db->query('DELETE FROM player_attacks_planet WHERE ' . $this->SQL);
 	}
 
 	public function &killPlanetByPlayer(AbstractSmrPlayer &$killer) {
@@ -1286,7 +1276,7 @@ class SmrPlanet {
 		$this->creditCurrentAttackersForKill();
 
 		//kick everyone from planet
-		$this->db->query('UPDATE player SET land_on_planet = \'FALSE\' WHERE sector_id = ' . $this->db->escapeNumber($this->getSectorID()) . ' AND game_id = ' . $this->db->escapeNumber($this->getGameID()));
+		$this->db->query('UPDATE player SET land_on_planet = \'FALSE\' WHERE ' . $this->SQL);
 		$this->removeClaimed();
 		$this->removePassword();
 		return $return;