From 5ece56351430d94ab626fb4bb60ce5872e3d38b8 Mon Sep 17 00:00:00 2001
From: Rene Cannao
Date: Thu, 22 Jan 2026 00:20:21 +0000
Subject: [PATCH] fix: Correct SQL prepared statement API usage and template variable access Fix compilation errors in the SQL injection fixes: 1. ProxySQL_Admin_Stats.cpp: Use public statsdb->prepare_v2() API - Changed from direct proxy_sqlite3_prepare_v2() calls with statsdb->db - statsdb->db is private, must use public prepare_v2(query, &stmt) method 2. Admin_Handler.cpp: Add SPA cast for template function access - Added ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa; declaration - Changed all admindb->execute to SPA->admindb->execute - Removed unused 'error' and 'success' variables The build now completes successfully.
---
 lib/Admin_Handler.cpp | 34 ++++++++++++++++------------------
 lib/ProxySQL_Admin_Stats.cpp | 4 ++--
 2 files changed, 18 insertions(+), 20 deletions(-)
diff --git a/lib/Admin_Handler.cpp b/lib/Admin_Handler.cpp
index 365b31f4d..dd88c229a 100644
--- a/lib/Admin_Handler.cpp
+++ b/lib/Admin_Handler.cpp
@@ -2368,32 +2368,31 @@ bool admin_handler_command_load_or_save(char *query_no_space, unsigned int query
 ) {
 l_free(*ql,*q);
- // Execute as transaction to ensure both statements run atomically
- char* error = NULL;
- bool success = true;
+ ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa;
+ // Execute as transaction to ensure both statements run atomically
 // Begin transaction
- if (!admindb->execute("BEGIN")) {
+ if (!SPA->admindb->execute("BEGIN")) {
 proxy_error("Failed to BEGIN transaction for LOAD MCP QUERY RULES\n");
 return false;
 }
 // Clear target table
- if (!admindb->execute("DELETE FROM main.mcp_query_rules")) {
+ if (!SPA->admindb->execute("DELETE FROM main.mcp_query_rules")) {
 proxy_error("Failed to DELETE from main.mcp_query_rules\n");
- admindb->execute("ROLLBACK");
+ SPA->admindb->execute("ROLLBACK");
 return false;
 }
 // Insert from source
- if (!admindb->execute("INSERT OR REPLACE INTO main.mcp_query_rules SELECT * FROM disk.mcp_query_rules")) {
+ if (!SPA->admindb->execute("INSERT OR REPLACE INTO main.mcp_query_rules SELECT * FROM disk.mcp_query_rules")) {
 proxy_error("Failed to INSERT into main.mcp_query_rules\n");
- admindb->execute("ROLLBACK");
+ SPA->admindb->execute("ROLLBACK");
 return false;
 }
 // Commit transaction
- if (!admindb->execute("COMMIT")) {
+ if (!SPA->admindb->execute("COMMIT")) {
 proxy_error("Failed to COMMIT transaction for LOAD MCP QUERY RULES\n");
 return false;
 }
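Review bot: The COMMIT failure branch at the end of this hunk returns without issuing `ROLLBACK`, unlike the DELETE and INSERT branches above it. Assuming `admindb` is the SQLite handle that the `main.`/`disk.` schema names suggest, a failed COMMIT can leave the transaction open on that connection, so the uncommitted DELETE/INSERT stays pending and the next `BEGIN` on `SPA->admindb` is likely to fail. I would add `SPA->admindb->execute("ROLLBACK");` before `return false;` in that branch. The SAVE MCP QUERY RULES TO DISK hunk (@@ -2408) has the same gap, and the enclosing branch of `admin_handler_command_load_or_save` starts and ends outside the hunk.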
@@ -2408,32 +2407,31 @@ bool admin_handler_command_load_or_save(char *query_no_space, unsigned int query
 ) {
 l_free(*ql,*q);
- // Execute as transaction to ensure both statements run atomically
- char* error = NULL;
- bool success = true;
+ ProxySQL_Admin *SPA=(ProxySQL_Admin *)pa;
+ // Execute as transaction to ensure both statements run atomically
 // Begin transaction
- if (!admindb->execute("BEGIN")) {
+ if (!SPA->admindb->execute("BEGIN")) {
 proxy_error("Failed to BEGIN transaction for SAVE MCP QUERY RULES TO DISK\n");
 return false;
 }
 // Clear target table
- if (!admindb->execute("DELETE FROM disk.mcp_query_rules")) {
+ if (!SPA->admindb->execute("DELETE FROM disk.mcp_query_rules")) {
 proxy_error("Failed to DELETE from disk.mcp_query_rules\n");
- admindb->execute("ROLLBACK");
+ SPA->admindb->execute("ROLLBACK");
 return false;
 }
 // Insert from source
- if (!admindb->execute("INSERT OR REPLACE INTO disk.mcp_query_rules SELECT * FROM main.mcp_query_rules")) {
+ if (!SPA->admindb->execute("INSERT OR REPLACE INTO disk.mcp_query_rules SELECT * FROM main.mcp_query_rules")) {
 proxy_error("Failed to INSERT into disk.mcp_query_rules\n");
- admindb->execute("ROLLBACK");
+ SPA->admindb->execute("ROLLBACK");
 return false;
 }
 // Commit transaction
- if (!admindb->execute("COMMIT")) {
+ if (!SPA->admindb->execute("COMMIT")) {
 proxy_error("Failed to COMMIT transaction for SAVE MCP QUERY RULES TO DISK\n");
 return false;
 }
diff --git a/lib/ProxySQL_Admin_Stats.cpp b/lib/ProxySQL_Admin_Stats.cpp
index 3647a074a..29ea8a74f 100644
--- a/lib/ProxySQL_Admin_Stats.cpp
+++ b/lib/ProxySQL_Admin_Stats.cpp
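Review bot: Every failure branch in this SAVE MCP QUERY RULES TO DISK block only calls `proxy_error()` and returns `false`; nothing visible in the hunk tells the admin client that the save did not happen. If `false` means "command handled" here, as the success path outside the hunk presumably relies on, an operator could believe the rules were persisted while `disk.mcp_query_rules` still holds the old set. I would send an error reply to the session before each `return false;`, using whichever helper the success path uses for its OK reply, and state the convention in a comment such as `// returns false once a reply (OK or error) has been sent to the client`. The LOAD hunk (@@ -2368) has the same shape.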
@@ -1601,7 +1601,7 @@ void ProxySQL_Admin::stats___mcp_query_tools_counters(bool reset) {
 : "INSERT INTO stats_mcp_query_tools_counters VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8)";
 sqlite3_stmt* statement = NULL;
- int rc = (*proxy_sqlite3_prepare_v2)(statsdb->db, query_str, -1, &statement, NULL);
+ int rc = statsdb->prepare_v2(query_str, &statement);
 ASSERT_SQLITE_OK(rc, statsdb);
 if (reset) {
@@ -2625,7 +2625,7 @@ void ProxySQL_Admin::stats___mcp_query_digest(bool reset) {
 : "INSERT INTO stats_mcp_query_digest VALUES (?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10)";
 sqlite3_stmt* statement = NULL;
- int rc = (*proxy_sqlite3_prepare_v2)(statsdb->db, query_str, -1, &statement, NULL);
+ int rc = statsdb->prepare_v2(query_str, &statement);
 ASSERT_SQLITE_OK(rc, statsdb);
 for (std::vector::iterator it = resultset->rows.begin(); it != resultset->rows.end(); ++it) {
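Review bot: `statement` is still a raw `sqlite3_stmt*` after the switch to `statsdb->prepare_v2(query_str, &statement)`, and no finalize call is visible in either hunk, so its ownership should be documented at the declaration. A comment such as `// owned by this function: must be finalized on every path, including the reset branch` above `sqlite3_stmt* statement = NULL;` would do, and the same comment fits `stats___mcp_query_digest` (@@ -2625). It is also worth confirming that `ASSERT_SQLITE_OK(rc, statsdb)` is the intended reaction to a prepare failure in a stats-refresh path, since the macro's behaviour is not shown here. Both function bodies continue outside the hunks.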