[core, SQL] Refactor to use mariadb-connector-cpp and introduce new db namespace

[zach2good]

I affirm:

• I understand that if I do not agree to the following points by completing the checkboxes my PR will be ignored.
• I understand I should leave resolving conversations to the LandSandBoat team so that reviewers won't miss what was said.
• I have read and understood the Contributing Guide and the Code of Conduct.
• I have tested my code and the things my code has changed since the last commit in the PR and will test after any later commits.

What does this pull request do?

https://github.com/LandSandBoat/server/wiki/Database-Library-Upgrade

Steps to test these changes

Test as normal (I changed some things and invalidated all my old testing, so we're starting from the beginning!):

• All xi_world functionality (HTTP server, conquest system, daily tally)
• All xi_search functionality (/sea all, AH, and anything else that goes through it)
• Regular xi_map functionality continues to work, including staying up for 12+ hours (to make sure TryPing hasn't broken)
• Send a /tell to yourself
• /yell
• Do some quests
• Fight some monsters
• Log in, log out
• Create a character
• Delete a character
• /sea all
• Teleport a full party somewhere
• Look up some stuff on AH
• Look at someone's seacom message
• Hang around and wait for conquest stuff to happen
• Set up and use the HTTP API
• Form a party, chat, disband
• Form a party with an added trust, chat, disband
• Form an alliance, chat, disband
• Talk in a Linkshell
• Make sure RPC still works (SendLuaFuncStringToZone in mog_tablets: !exec xi.mogTablet.hideAllTablets())
• Form a party, chat, etc. across multiple processes
• Console system: gm Testo 5
• Before/after Tracy profiling of regular queries and some query-heavy routines
• Before/after Tracy profiling of a couple of test spots that will use prepared statements
• Confirm everything works with task_system:

        // clang-format off
        {
            ts::task_system ts;
            for (auto zoneId : zonesOnThisProcess)
            {
                ts.schedule([zoneId]()
                {
                    TracyZoneScoped;
                    auto* PZone = g_PZoneList[zoneId];

                    auto Query = "SELECT \

[zach2good]

Evening discoveries: both C++-style mariadb connectors are very much 1-indexed. 😷

[zach2good]

Added some basic locking to make this use case safe (it would crash out otherwise):

    auto thVec = std::vector<std::jthread>{};
    for (int i = 0; i < 32; ++i)
    {
        thVec.emplace_back(std::jthread(
        [&]()
        {
            auto rset = db::query("SELECT * FROM char_inventory;");
            if (rset && rset->rowsCount())
            while (rset->next())
            {
                ShowInfo("%u", rset->getUInt("charid"));
            }
            std::this_thread::sleep_for(std::chrono::milliseconds(xirand::GetRandomNumber(100, 500)));
        }));
    }

[zach2good]

TODO: Triple check that if a simple query fails, it'll return nullptr as the rset

[zach2good]

TODO: Run through BLU logic to make sure this query works:

    void LoadSetSpells(CCharEntity* PChar)
    {
        TracyZoneScoped;

        if (PChar->GetMJob() == JOB_BLU || PChar->GetSJob() == JOB_BLU)
        {
            const char* Query = "SELECT set_blue_spells FROM "
                                "chars WHERE charid = (?);";

            auto rset = db::preparedStmt(Query, PChar->id);
            if (rset && rset->rowsCount() && rset->next())
            {
                db::extractFromBlob(rset, "set_blue_spells", PChar->m_SetBlueSpells);
            }

[zach2good]

TODO: Ensure that blobs stored in the old system can be loaded by the new system, and that everything works from a before/after standpoint (logging in as BLU, messing around with spells, and zoning is sufficient to check this)

[WinterSolstice8]

Isn't this supposed to replace "bad" characters with escaped ones? ' -> \' and so on so that things like chat, search comments, bazaar comments, etc can still include them, but they also wreck injection?

Speaking of, ' is missing from this list.

[WinterSolstice8]

see:
https://dev.mysql.com/doc/refman/8.0/en/string-literals.html

[TeoTwawki]

also the autostranslate junk people can put in bazaar and seacom, thats not even human visible characters.

[zach2good]

Isn't this supposed to replace "bad" characters with escaped ones? ' -> ' and so on so that things like chat, search comments, bazaar comments, etc can still include them, but they also wreck injection?

Speaking of, ' is missing from this list.

My blob encoding handles escaping characters and things, this sanitise routine is specifically to make super ultra mega sure we're removing any and all possible vectors for SQL injection, even if the c connector, cpp connector and other mechanisms all promise they stop it on our behalf

[zach2good]

autotranslate, bazaar, seacon etc. are all handled as blobs, which I now have acting equivalently to the c-connector, and it's now obvious what it's doing.

This routine is for the cases where plain text is pulled out of incoming packets and used as strings, rather than blobs for the db or the client

[WinterSolstice8]

are gm/chat audits blobs?

[zach2good]

Should be, easy test thanks!

[zach2good]

Will do this in later PRs, I already have evidence of a blob being read from the old system, rewritten and reread correctly

[zach2good]

All my TODOs are addressed, all my testing is done, all my comments and thoughts are addressed. Will finish the article, test TryPing and then ready for merge