I tried claude the other day. See anything wrong with this code?
bool MessageStore::insert(const std::string& session_pub_key,
const std::string& msg,
const std::string& display_name,
long long sent_at_ms) {
if (!reconnect_if_needed()) return false;
auto esc = [&](const std::string& s) {
std::string out(s.size() * 2 + 1, '\0');
mysql_real_escape_string(conn_, out.data(), s.data(), s.size());
return out;
};
std::string e_key = esc(session_pub_key);
std::string e_msg = esc(msg);
std::string e_name = esc(display_name);
char sql[8192];
if (sent_at_ms > 0) {
long long sec = sent_at_ms / 1000;
long long ms = sent_at_ms % 1000;
snprintf(sql, sizeof(sql),
"INSERT INTO messages (msg, session_pub_key, display_name, sent_at) "
"VALUES ('%s', '%s', %s, FROM_UNIXTIME(%lld) + INTERVAL %lld MICROSECOND)",
e_msg.c_str(), e_key.c_str(), name_sql.c_str(),
sec, ms * 1000);
} else {
snprintf(sql, sizeof(sql),
"INSERT INTO messages (msg, session_pub_key, display_name) "
"VALUES ('%s', '%s', %s)",
e_msg.c_str(), e_key.c_str(), display_name.empty() ? "NULL" : ("'" + e_name + "'"));
}
if (mysql_query(conn_, sql) != 0) {
fprintf(stderr, "[db] insert failed: %s\n", mysql_error(conn_));
return false;
}
fprintf(stderr, "[db] inserted from %s ('%s')\n",
session_pub_key.substr(0,14).c_str(),
display_name.c_str());
return true;
}
hint: sql injection, no i didn't ask for the rookie version of the function ;0
it should do great things over at the pentagon i suppose. and a great way to replace developers at tech companies. likely the entire internet will cave in on itself lol.
Claude Code is blowing me away
What Claude does is eye-opening. One thing he has taught me is that the future belongs to the APIs and CLIs.Β
