Merge remote-tracking branch 'origin/master' into hardsync-1.5

2021-03-03 17:09:01 +08:00
parent 5304029dd9 c0d62c4969
commit 754c24748e
122 changed files with 2913 additions and 1722 deletions
@@ -80,8 +80,11 @@
 	var/client/banned_client = banned_mob?.client
 	var/banned_mob_guest_key = had_banned_mob && IsGuestKey(banned_mob.key)
 	banned_mob = null
-	var/sql_ckey = sanitizeSQL(ckey)
-	var/datum/DBQuery/query_add_ban_get_ckey = SSdbcore.NewQuery("SELECT 1 FROM [format_table_name("player")] WHERE ckey = '[sql_ckey]'")
+	var/datum/db_query/query_add_ban_get_ckey = SSdbcore.NewQuery({"
+		SELECT 1
+		FROM [format_table_name("player")]
+		WHERE ckey = :ckey"},
+		list("ckey" = ckey))
 	if(!query_add_ban_get_ckey.warn_execute())
 		qdel(query_add_ban_get_ckey)
 		return
@@ -122,10 +125,11 @@
 		else
 			adminwho += ", [C]"

-	reason = sanitizeSQL(reason)
-	var/sql_a_ckey = sanitizeSQL(a_ckey)
 	if(maxadminbancheck)
-		var/datum/DBQuery/query_check_adminban_amt = SSdbcore.NewQuery("SELECT count(id) AS num FROM [format_table_name("ban")] WHERE (a_ckey = '[sql_a_ckey]') AND (bantype = 'ADMIN_PERMABAN'  OR (bantype = 'ADMIN_TEMPBAN' AND expiration_time > Now())) AND isnull(unbanned)")
+		var/datum/db_query/query_check_adminban_amt = SSdbcore.NewQuery({"
+			SELECT count(id) AS num FROM [format_table_name("ban")]
+			WHERE (a_ckey = :a_ckey) AND (bantype = 'ADMIN_PERMABAN'  OR (bantype = 'ADMIN_TEMPBAN' AND expiration_time > Now())) AND isnull(unbanned)
+			"}, list("a_ckey" = a_ckey))
 		if(!query_check_adminban_amt.warn_execute())
 			qdel(query_check_adminban_amt)
 			return
@@ -143,13 +147,15 @@
 		computerid = "0"
 	if(!ip)
 		ip = "0.0.0.0"
-	var/sql_job = sanitizeSQL(job)
-	var/sql_computerid = sanitizeSQL(computerid)
-	var/sql_ip = sanitizeSQL(ip)
-	var/sql_a_computerid = sanitizeSQL(a_computerid)
-	var/sql_a_ip = sanitizeSQL(a_ip)
-	var/sql = "INSERT INTO [format_table_name("ban")] (`bantime`,`server_ip`,`server_port`,`round_id`,`bantype`,`reason`,`job`,`duration`,`expiration_time`,`ckey`,`computerid`,`ip`,`a_ckey`,`a_computerid`,`a_ip`,`who`,`adminwho`) VALUES (Now(), INET_ATON(IF('[world.internet_address]' LIKE '', '0', '[world.internet_address]')), '[world.port]', '[GLOB.round_id]', '[bantype_str]', '[reason]', '[sql_job]', [(duration)?"[duration]":"0"], Now() + INTERVAL [(duration>0) ? duration : 0] MINUTE, '[sql_ckey]', '[sql_computerid]', INET_ATON('[sql_ip]'), '[sql_a_ckey]', '[sql_a_computerid]', INET_ATON('[sql_a_ip]'), '[who]', '[adminwho]')"
-	var/datum/DBQuery/query_add_ban = SSdbcore.NewQuery(sql)
+	var/datum/db_query/query_add_ban = SSdbcore.NewQuery({"
+		INSERT INTO [format_table_name("ban")] (`bantime`,`server_ip`,`server_port`,`round_id`,`bantype`,`reason`,`job`,`duration`,`expiration_time`,`ckey`,`computerid`,`ip`,`a_ckey`,`a_computerid`,`a_ip`,`who`,`adminwho`)
+		VALUES (Now(), INET_ATON(:internet_address), :port, :round_id, :bantype_str, :reason, :job, :duration, Now() + INTERVAL :expiration_time MINUTE, :ckey, :computerid, INET_ATON(:ip), :a_ckey, :a_computerid, INET_ATON(:a_ip), :who, :adminwho)
+		"}, list("internet_address" = world.internet_address ? world.internet_address : 0,
+		"port" = world.port, "round_id" = GLOB.round_id, "bantype_str" = bantype_str, "reason" = reason,
+		"job" = job, "duration" = duration ? "[duration]":"0", "expiration_time" = (duration > 0) ? duration : 0,
+		"ckey" = ckey, "computerid" = computerid, "ip" = ip,
+		"a_ckey" = a_ckey, "a_computerid" = a_computerid, "a_ip" = a_ip, "who" = who, "adminwho" = adminwho
+		))
 	if(!query_add_ban.warn_execute())
 		qdel(query_add_ban)
 		return
@@ -160,7 +166,7 @@
 	var/datum/admin_help/AH = admin_ticket_log(ckey, msg)

 	if(announceinirc)
-		send2irc("BAN ALERT","[a_key] applied a [bantype_str] on [bankey]")
+		send2adminchat("BAN ALERT","[a_key] applied a [bantype_str] on [bankey]")

 	if(kickbannedckey)
 		if(AH)
@@ -212,11 +218,11 @@
 		bantype_sql = "(bantype = 'JOB_PERMABAN' OR (bantype = 'JOB_TEMPBAN' AND expiration_time > Now() ) )"
 	else
 		bantype_sql = "bantype = '[bantype_str]'"
-	var/sql_ckey = sanitizeSQL(ckey)
-	var/sql = "SELECT id FROM [format_table_name("ban")] WHERE ckey = '[sql_ckey]' AND [bantype_sql] AND (unbanned is null OR unbanned = false)"
+	var/sql = "SELECT id FROM [format_table_name("ban")] WHERE ckey = :ckey AND [bantype_sql] AND (unbanned is null OR unbanned = false)"
+	var/list/sql_args = list("ckey" = ckey)
 	if(job)
-		var/sql_job = sanitizeSQL(job)
-		sql += " AND job = '[sql_job]'"
+		sql += " AND job = :job"
+		sql_args["job"] = job

 	if(!SSdbcore.Connect())
 		return
@@ -224,7 +230,7 @@
 	var/ban_id
 	var/ban_number = 0 //failsafe

-	var/datum/DBQuery/query_unban_get_id = SSdbcore.NewQuery(sql)
+	var/datum/db_query/query_unban_get_id = SSdbcore.NewQuery(sql, sql_args)
 	if(!query_unban_get_id.warn_execute())
 		qdel(query_unban_get_id)
 		return
@@ -258,7 +264,7 @@
 		to_chat(usr, "Cancelled")
 		return

-	var/datum/DBQuery/query_edit_ban_get_details = SSdbcore.NewQuery("SELECT IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].ckey), ckey), duration, reason FROM [format_table_name("ban")] WHERE id = [banid]")
+	var/datum/db_query/query_edit_ban_get_details = SSdbcore.NewQuery("SELECT IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].ckey), ckey), duration, reason FROM [format_table_name("ban")] WHERE id = [banid]")
 	if(!query_edit_ban_get_details.warn_execute())
 		qdel(query_edit_ban_get_details)
 		return
@@ -278,19 +284,17 @@
 		return
 	qdel(query_edit_ban_get_details)

-	reason = sanitizeSQL(reason)
 	var/value

 	switch(param)
 		if("reason")
 			if(!value)
 				value = input("Insert the new reason for [p_key]'s ban", "New Reason", "[reason]", null) as null|text
-				value = sanitizeSQL(value)
 				if(!value)
 					to_chat(usr, "Cancelled")
 					return

-			var/datum/DBQuery/query_edit_ban_reason = SSdbcore.NewQuery("UPDATE [format_table_name("ban")] SET reason = '[value]', edits = CONCAT(edits,'- [e_key] changed ban reason from <cite><b>\\\"[reason]\\\"</b></cite> to <cite><b>\\\"[value]\\\"</b></cite><BR>') WHERE id = [banid]")
+			var/datum/db_query/query_edit_ban_reason = SSdbcore.NewQuery("UPDATE [format_table_name("ban")] SET reason = '[value]', edits = CONCAT(edits,'- [e_key] changed ban reason from <cite><b>\\\"[reason]\\\"</b></cite> to <cite><b>\\\"[value]\\\"</b></cite><BR>') WHERE id = [banid]")
 			if(!query_edit_ban_reason.warn_execute())
 				qdel(query_edit_ban_reason)
 				return
@@ -303,7 +307,7 @@
 					to_chat(usr, "Cancelled")
 					return

-			var/datum/DBQuery/query_edit_ban_duration = SSdbcore.NewQuery("UPDATE [format_table_name("ban")] SET duration = [value], edits = CONCAT(edits,'- [e_key] changed ban duration from [duration] to [value]<br>'), expiration_time = DATE_ADD(bantime, INTERVAL [value] MINUTE) WHERE id = [banid]")
+			var/datum/db_query/query_edit_ban_duration = SSdbcore.NewQuery("UPDATE [format_table_name("ban")] SET duration = [value], edits = CONCAT(edits,'- [e_key] changed ban duration from [duration] to [value]<br>'), expiration_time = DATE_ADD(bantime, INTERVAL [value] MINUTE) WHERE id = [banid]")
 			if(!query_edit_ban_duration.warn_execute())
 				qdel(query_edit_ban_duration)
 				return
@@ -333,7 +337,7 @@
 	var/ban_number = 0 //failsafe

 	var/p_key
-	var/datum/DBQuery/query_unban_get_ckey = SSdbcore.NewQuery(sql)
+	var/datum/db_query/query_unban_get_ckey = SSdbcore.NewQuery(sql)
 	if(!query_unban_get_ckey.warn_execute())
 		qdel(query_unban_get_ckey)
 		return
@@ -358,7 +362,7 @@
 	var/unban_ip = owner.address

 	var/sql_update = "UPDATE [format_table_name("ban")] SET unbanned = 1, unbanned_datetime = Now(), unbanned_ckey = '[unban_ckey]', unbanned_computerid = '[unban_computerid]', unbanned_ip = INET_ATON('[unban_ip]') WHERE id = [id]"
-	var/datum/DBQuery/query_unban = SSdbcore.NewQuery(sql_update)
+	var/datum/db_query/query_unban = SSdbcore.NewQuery(sql_update)
 	if(!query_unban.warn_execute())
 		qdel(query_unban)
 		return
@@ -448,20 +452,28 @@

 	if(adminckey || playerckey || ip || cid)
 		var/list/searchlist = list()
+		var/list/searchlist_args = list()
 		if(playerckey)
-			searchlist += "ckey = '[sanitizeSQL(ckey(playerckey))]'"
+			searchlist += "ckey = :playerckey"
+			searchlist_args["playerckey"] = playerckey
 		if(adminckey)
-			searchlist += "a_ckey = '[sanitizeSQL(ckey(adminckey))]'"
+			searchlist += "a_ckey = :adminckey"
+			searchlist_args["adminckey"] = adminckey
 		if(ip)
-			searchlist += "ip = INET_ATON('[sanitizeSQL(ip)]')"
+			searchlist += "ip = INET_ATON(:ip)"
+			searchlist_args["ip"] = ip
 		if(cid)
-			searchlist += "computerid = '[sanitizeSQL(cid)]'"
-		var/search = searchlist.Join(" AND ")
+			searchlist += "computerid = :cid"
+			searchlist_args["cid"] = cid
+		var/search = searchlist.Join(" AND ") // x = x AND y = z
 		var/bancount = 0
 		var/bansperpage = 15
 		var/pagecount = 0
 		page = text2num(page)
-		var/datum/DBQuery/query_count_bans = SSdbcore.NewQuery("SELECT COUNT(id) FROM [format_table_name("ban")] WHERE [search]")
+		var/datum/db_query/query_count_bans = SSdbcore.NewQuery({"
+			SELECT COUNT(id) FROM [format_table_name("ban")]
+			WHERE [search]
+			"}, searchlist_args)
 		if(!query_count_bans.warn_execute())
 			qdel(query_count_bans)
 			return
@@ -489,7 +501,11 @@
 		output += "<th width='15%'><b>OPTIONS</b></th>"
 		output += "</tr>"
 		var/limit = " LIMIT [bansperpage * page], [bansperpage]"
-		var/datum/DBQuery/query_search_bans = SSdbcore.NewQuery("SELECT id, bantime, bantype, reason, job, duration, expiration_time, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].ckey), ckey), IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].a_ckey), a_ckey), unbanned, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].unbanned_ckey), unbanned_ckey), unbanned_datetime, edits, round_id FROM [format_table_name("ban")] WHERE [search] ORDER BY bantime DESC[limit]")
+
+		var/datum/db_query/query_search_bans = SSdbcore.NewQuery({"
+			SELECT id, bantime, bantype, reason, job, duration, expiration_time, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].ckey), ckey), IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].a_ckey), a_ckey), unbanned, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].unbanned_ckey), unbanned_ckey), unbanned_datetime, edits, round_id
+			FROM [format_table_name("ban")]
+			WHERE [search] ORDER BY bantime DESC[limit]"}, searchlist_args)
 		if(!query_search_bans.warn_execute())
 			qdel(query_search_bans)
 			return
@@ -100,7 +100,18 @@
 		if(computer_id)
 			cidquery = " OR computerid = '[computer_id]' "

-		var/datum/DBQuery/query_ban_check = SSdbcore.NewQuery("SELECT IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].ckey), ckey), IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("ban")].a_ckey), a_ckey), reason, expiration_time, duration, bantime, bantype, id, round_id FROM [format_table_name("ban")] WHERE (ckey = '[ckey]' [ipquery] [cidquery]) AND (bantype = 'PERMABAN' OR bantype = 'ADMIN_PERMABAN' OR ((bantype = 'TEMPBAN' OR bantype = 'ADMIN_TEMPBAN') AND expiration_time > Now())) AND isnull(unbanned)")
+		var/datum/db_query/query_ban_check = SSdbcore.NewQuery({"
+			SELECT IFNULL((SELECT byond_key
+			FROM [format_table_name("player")]
+			WHERE [format_table_name("player")].ckey = [format_table_name("ban")].ckey), ckey),
+				IFNULL((SELECT byond_key FROM [format_table_name("player")]
+				WHERE [format_table_name("player")].ckey = [format_table_name("ban")].a_ckey), a_ckey), reason, expiration_time, duration, bantime, bantype, id, round_id FROM [format_table_name("ban")]
+				WHERE (ckey = :ckey [ipquery] [cidquery])
+					AND (bantype = 'PERMABAN' OR bantype = 'ADMIN_PERMABAN' OR ((bantype = 'TEMPBAN' OR bantype = 'ADMIN_TEMPBAN')
+					AND expiration_time > Now())) AND isnull(unbanned)
+			"}, list(
+				"ckey" = ckey
+			))
 		if(!query_ban_check.Execute(async = TRUE))
 			qdel(query_ban_check)
 			key_cache[key] = 0
@@ -119,16 +119,12 @@ GLOBAL_PROTECT(protected_ranks)
 	set waitfor = FALSE

 	if(IsAdminAdvancedProcCall())
-		to_chat(usr, "<span class='admin prefix'>Admin rank DB Sync blocked: Advanced ProcCall detected.</span>")
+		to_chat(usr, "<span class='admin prefix'>Admin rank DB Sync blocked: Advanced ProcCall detected.</span>", confidential = TRUE)
 		return

 	var/list/sql_ranks = list()
 	for(var/datum/admin_rank/R in GLOB.protected_ranks)
-		var/sql_rank = sanitizeSQL(R.name)
-		var/sql_flags = sanitizeSQL(R.include_rights)
-		var/sql_exclude_flags = sanitizeSQL(R.exclude_rights)
-		var/sql_can_edit_flags = sanitizeSQL(R.can_edit_rights)
-		sql_ranks += list(list("rank" = "'[sql_rank]'", "flags" = "[sql_flags]", "exclude_flags" = "[sql_exclude_flags]", "can_edit_flags" = "[sql_can_edit_flags]"))
+		sql_ranks += list(list("rank" = R.name, "flags" = R.include_rights, "exclude_flags" = R.exclude_rights, "can_edit_flags" = R.can_edit_rights))
 	SSdbcore.MassInsert(format_table_name("admin_ranks"), sql_ranks, duplicate_key = TRUE)

 //load our rank - > rights associations
@@ -160,7 +156,7 @@ GLOBAL_PROTECT(protected_ranks)
 			if(!no_update)
 				sync_ranks_with_db()
 		else
-			var/datum/DBQuery/query_load_admin_ranks = SSdbcore.NewQuery("SELECT rank, flags, exclude_flags, can_edit_flags FROM [format_table_name("admin_ranks")]")
+			var/datum/db_query/query_load_admin_ranks = SSdbcore.NewQuery("SELECT `rank`, flags, exclude_flags, can_edit_flags FROM [format_table_name("admin_ranks")]")
 			if(!query_load_admin_ranks.Execute())
 				message_admins("Error loading admin ranks from database. Loading from backup.")
 				log_sql("Error loading admin ranks from database. Loading from backup.")
@@ -168,7 +164,7 @@ GLOBAL_PROTECT(protected_ranks)
 			else
 				while(query_load_admin_ranks.NextRow())
 					var/skip
-					var/rank_name = ckeyEx(query_load_admin_ranks.item[1])
+					var/rank_name = query_load_admin_ranks.item[1]
 					for(var/datum/admin_rank/R in GLOB.admin_ranks)
 						if(R.name == rank_name) //this rank was already loaded from txt override
 							skip = 1
@@ -234,20 +230,12 @@ GLOBAL_PROTECT(protected_ranks)
 	for(var/datum/admin_rank/R in GLOB.admin_ranks)
 		rank_names[R.name] = R
 	//ckeys listed in admins.txt are always made admins before sql loading is attempted
-	var/list/lines = world.file2list("[global.config.directory]/admins.txt")
-	for(var/line in lines)
-		if(!length(line) || findtextEx(line, "#", 1, 2))
-			continue
-		var/list/entry = splittext(line, "=")
-		if(entry.len < 2)
-			continue
-		var/ckey = ckey(entry[1])
-		var/rank = ckeyEx(entry[2])
-		if(!ckey || !rank)
-			continue
-		new /datum/admins(rank_names[rank], ckey, 0, 1)
+	var/admins_text = file2text("[global.config.directory]/admins.txt")
+	var/regex/admins_regex = new(@"^(?!#)(.+?)\s+=\s+(.+)", "gm")
+	while(admins_regex.Find(admins_text))
+		new /datum/admins(rank_names[admins_regex.group[2]], ckey(admins_regex.group[1]), FALSE, TRUE)
 	if(!CONFIG_GET(flag/admin_legacy_system) || dbfail)
-		var/datum/DBQuery/query_load_admins = SSdbcore.NewQuery("SELECT ckey, rank FROM [format_table_name("admin")] ORDER BY rank")
+		var/datum/db_query/query_load_admins = SSdbcore.NewQuery("SELECT ckey, `rank` FROM [format_table_name("admin")] ORDER BY `rank`")
 		if(!query_load_admins.Execute())
 			message_admins("Error loading admins from database. Loading from backup.")
 			log_sql("Error loading admins from database. Loading from backup.")
@@ -255,7 +243,7 @@ GLOBAL_PROTECT(protected_ranks)
 		else
 			while(query_load_admins.NextRow())
 				var/admin_ckey = ckey(query_load_admins.item[1])
-				var/admin_rank = ckeyEx(query_load_admins.item[2])
+				var/admin_rank = query_load_admins.item[2]
 				var/skip
 				if(rank_names[admin_rank] == null)
 					message_admins("[admin_ckey] loaded with invalid admin rank [admin_rank].")
@@ -3,8 +3,11 @@
 	if(!M || !istype(M) || !M.ckey)
 		return FALSE

-	if(!M.client) //no cache. fallback to a datum/DBQuery
-		var/datum/DBQuery/query_jobban_check_ban = SSdbcore.NewQuery("SELECT reason FROM [format_table_name("ban")] WHERE ckey = '[sanitizeSQL(M.ckey)]' AND (bantype = 'JOB_PERMABAN'  OR (bantype = 'JOB_TEMPBAN' AND expiration_time > Now())) AND isnull(unbanned) AND job = '[sanitizeSQL(rank)]'")
+	if(!M.client) //no cache. fallback to a datum/db_query
+		var/datum/db_query/query_jobban_check_ban = SSdbcore.NewQuery({"
+			SELECT reason FROM [format_table_name("ban")]
+			WHERE ckey = :ckey AND (bantype = 'JOB_PERMABAN' OR (bantype = 'JOB_TEMPBAN' AND expiration_time > Now())) AND isnull(unbanned) AND job = :rank
+			"}, list("ckey" = M.ckey, "rank" = rank))
 		if(!query_jobban_check_ban.warn_execute())
 			qdel(query_jobban_check_ban)
 			return
@@ -28,7 +31,10 @@
 		return
 	if(C && istype(C))
 		C.jobbancache = list()
-		var/datum/DBQuery/query_jobban_build_cache = SSdbcore.NewQuery("SELECT job, reason FROM [format_table_name("ban")] WHERE ckey = '[sanitizeSQL(C.ckey)]' AND (bantype = 'JOB_PERMABAN'  OR (bantype = 'JOB_TEMPBAN' AND expiration_time > Now())) AND isnull(unbanned)")
+		var/datum/db_query/query_jobban_build_cache = SSdbcore.NewQuery({"
+			SELECT job, reason FROM [format_table_name("ban")]
+			WHERE ckey = :ckey AND (bantype = 'JOB_PERMABAN'  OR (bantype = 'JOB_TEMPBAN' AND expiration_time > Now())) AND isnull(unbanned)
+			"}, list("ckey" = C.ckey))
 		if(!query_jobban_build_cache.warn_execute())
 			qdel(query_jobban_build_cache)
 			return
@@ -34,8 +34,9 @@
 	var/endtime = input("Set end time for poll as format YYYY-MM-DD HH:MM:SS. All times in server time. HH:MM:SS is optional and 24-hour. Must be later than starting time for obvious reasons.", "Set end time", SQLtime()) as text
 	if(!endtime)
 		return
-	endtime = sanitizeSQL(endtime)
-	var/datum/DBQuery/query_validate_time = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE('[endtime]','%Y-%c-%d %T') > NOW(), STR_TO_DATE('[endtime]','%Y-%c-%d %T'), 0)")
+	var/datum/db_query/query_validate_time = SSdbcore.NewQuery({"
+		SELECT IF(STR_TO_DATE(:endtime,'%Y-%c-%d %T') > NOW(), STR_TO_DATE(:endtime,'%Y-%c-%d %T'), 0)
+		"}, list("endtime" = endtime))
 	if(!query_validate_time.warn_execute() || QDELETED(usr) || !src)
 		qdel(query_validate_time)
 		return
@@ -63,11 +64,9 @@
 			dontshow = 0
 		else
 			return
-	var/sql_ckey = sanitizeSQL(ckey)
 	var/question = input("Write your question","Question") as message|null
 	if(!question)
 		return
-	question = sanitizeSQL(question)
 	var/list/sql_option_list = list()
 	if(polltype != POLLTYPE_TEXT)
 		var/add_option = 1
@@ -75,7 +74,6 @@
 			var/option = input("Write your option","Option") as message|null
 			if(!option)
 				return
-			option = sanitizeSQL(option)
 			var/default_percentage_calc = 0
 			if(polltype != POLLTYPE_IRV)
 				switch(alert("Should this option be included by default when poll result percentages are generated?",,"Yes","No","Cancel"))
@@ -92,34 +90,27 @@
 			var/descmax = ""
 			if(polltype == POLLTYPE_RATING)
 				minval = input("Set minimum rating value.","Minimum rating") as num|null
-				if(minval)
-					minval = sanitizeSQL(minval)
-				else if(minval == null)
+				if(minval == null)
 					return
 				maxval = input("Set maximum rating value.","Maximum rating") as num|null
-				if(maxval)
-					maxval = sanitizeSQL(maxval)
 				if(minval >= maxval)
 					to_chat(src, "Maximum rating value can't be less than or equal to minimum rating value")
 					continue
-				else if(maxval == null)
+				if(maxval == null)
 					return
 				descmin = input("Optional: Set description for minimum rating","Minimum rating description") as message|null
-				if(descmin)
-					descmin = sanitizeSQL(descmin)
-				else if(descmin == null)
+				if(descmin == null)
 					return
 				descmid = input("Optional: Set description for median rating","Median rating description") as message|null
-				if(descmid)
-					descmid = sanitizeSQL(descmid)
-				else if(descmid == null)
+				if(descmid == null)
 					return
 				descmax = input("Optional: Set description for maximum rating","Maximum rating description") as message|null
-				if(descmax)
-					descmax = sanitizeSQL(descmax)
-				else if(descmax == null)
+				if(descmax == null)
 					return
-			sql_option_list += list(list("text" = "'[option]'", "minval" = "'[minval]'", "maxval" = "'[maxval]'", "descmin" = "'[descmin]'", "descmid" = "'[descmid]'", "descmax" = "'[descmax]'", "default_percentage_calc" = "'[default_percentage_calc]'"))
+			sql_option_list += list(list(
+				"text" = option, "minval" = minval, "maxval" = maxval,
+				"descmin" = descmin, "descmid" = descmid, "descmax" = descmax,
+				"default_percentage_calc" = default_percentage_calc))
 			switch(alert(" ",,"Add option","Finish", "Cancel"))
 				if("Add option")
 					add_option = 1
@@ -129,14 +120,21 @@
 					return 0
 	var/m1 = "[key_name(usr)] has created a new server poll. Poll type: [polltype] - Admin Only: [adminonly ? "Yes" : "No"] - Question: [question]"
 	var/m2 = "[key_name_admin(usr)] has created a new server poll. Poll type: [polltype] - Admin Only: [adminonly ? "Yes" : "No"]<br>Question: [question]"
-	var/datum/DBQuery/query_polladd_question = SSdbcore.NewQuery("INSERT INTO [format_table_name("poll_question")] (polltype, starttime, endtime, question, adminonly, multiplechoiceoptions, createdby_ckey, createdby_ip, dontshow) VALUES ('[polltype]', '[starttime]', '[endtime]', '[question]', '[adminonly]', '[choice_amount]', '[sql_ckey]', INET_ATON('[address]'), '[dontshow]')")
+	var/datum/db_query/query_polladd_question = SSdbcore.NewQuery({"
+		INSERT INTO [format_table_name("poll_question")] (polltype, starttime, endtime, question, adminonly, multiplechoiceoptions, createdby_ckey, createdby_ip, dontshow)
+		VALUES (:polltype, :starttime, :endtime, :question, :adminonly, :choice_amount, :ckey, INET_ATON(:address), :dontshow)
+		"}, list(
+			"polltype" = polltype, "starttime" = starttime, "endtime" = endtime,
+			"question" = question, "adminonly" = adminonly, "choice_amount" = choice_amount,
+			"ckey" = ckey, "address" = address, "dontshow" = dontshow
+		))
 	if(!query_polladd_question.warn_execute())
 		qdel(query_polladd_question)
 		return
 	qdel(query_polladd_question)
 	if(polltype != POLLTYPE_TEXT)
 		var/pollid = 0
-		var/datum/DBQuery/query_get_id = SSdbcore.NewQuery("SELECT LAST_INSERT_ID()")
+		var/datum/db_query/query_get_id = SSdbcore.NewQuery("SELECT LAST_INSERT_ID()")
 		if(!query_get_id.warn_execute())
 			qdel(query_get_id)
 			return
@@ -145,6 +143,6 @@
 		qdel(query_get_id)
 		for(var/list/i in sql_option_list)
 			i |= list("pollid" = "'[pollid]'")
-		SSdbcore.MassInsert(format_table_name("poll_option"), sql_option_list, warn = 1)
+		SSdbcore.MassInsert(format_table_name("poll_option"), sql_option_list, warn = TRUE)
 	log_admin(m1)
 	message_admins(m2)
@@ -29,27 +29,27 @@
 		return
 	if (!bypasscache)
 		var/datum/ipintel/cachedintel = SSipintel.cache[ip]
-		if (cachedintel && cachedintel.is_valid())
+		if (cachedintel?.is_valid())
 			cachedintel.cache = TRUE
 			return cachedintel

 		if(SSdbcore.Connect())
 			var/rating_bad = CONFIG_GET(number/ipintel_rating_bad)
-			var/datum/DBQuery/query_get_ip_intel = SSdbcore.NewQuery({"
+			var/datum/db_query/query_get_ip_intel = SSdbcore.NewQuery({"
 				SELECT date, intel, TIMESTAMPDIFF(MINUTE,date,NOW())
 				FROM [format_table_name("ipintel")]
 				WHERE
-					ip = INET_ATON('[ip]')
+					ip = INET_ATON(':ip')
 					AND ((
-							intel < [rating_bad]
+							intel < :rating_bad
 							AND
-							date + INTERVAL [CONFIG_GET(number/ipintel_save_good)] HOUR > NOW()
+							date + INTERVAL :save_good HOUR > NOW()
 						) OR (
-							intel >= [rating_bad]
+							intel >= :rating_bad
 							AND
-							date + INTERVAL [CONFIG_GET(number/ipintel_save_bad)] HOUR > NOW()
+							date + INTERVAL :save_bad HOUR > NOW()
 					))
-				"})
+			"}, list("ip" = ip, "rating_bad" = rating_bad, "save_good" = CONFIG_GET(number/ipintel_save_good), "save_bad" = CONFIG_GET(number/ipintel_save_bad)))
 			if(!query_get_ip_intel.Execute())
 				qdel(query_get_ip_intel)
 				return
@@ -67,12 +67,15 @@
 	if (updatecache && res.intel >= 0)
 		SSipintel.cache[ip] = res
 		if(SSdbcore.Connect())
-			var/datum/DBQuery/query_add_ip_intel = SSdbcore.NewQuery("INSERT INTO [format_table_name("ipintel")] (ip, intel) VALUES (INET_ATON('[ip]'), [res.intel]) ON DUPLICATE KEY UPDATE intel = VALUES(intel), date = NOW()")
+			var/datum/db_query/query_add_ip_intel = SSdbcore.NewQuery(
+				"INSERT INTO [format_table_name("ipintel")] (ip, intel) VALUES (INET_ATON(:ip), :intel) ON DUPLICATE KEY UPDATE intel = VALUES(intel), date = NOW()",
+				list("ip" = ip, "intel" = res.intel)
+			)
 			query_add_ip_intel.Execute()
 			qdel(query_add_ip_intel)


-/proc/ip_intel_query(ip, var/retryed=0)
+/proc/ip_intel_query(ip, retryed=0)
 	. = -1 //default
 	if (!ip)
 		return
@@ -131,8 +134,3 @@
 /proc/log_ipintel(text)
 	log_game("IPINTEL: [text]")
 	debug_admins("IPINTEL: [text]")
-
-
-
-
-
@@ -15,21 +15,14 @@
 	else
 		output += "<br><a href='?_src_=holder;[HrefToken()];editrightsbrowserlog=1;editrightspage=0'>\[Log\]</a><br><a href='?_src_=holder;[HrefToken()];editrightsbrowsermanage=1'>\[Management\]</a>"
 	if(action == 1)
-		var/list/searchlist = list(" WHERE ")
-		if(target)
-			searchlist += "ckey = '[sanitizeSQL(target)]'"
-		if(operation)
-			if(target)
-				searchlist += " AND "
-			searchlist += "operation = '[sanitizeSQL(operation)]'"
-		var/search
-		if(searchlist.len > 1)
-			search = searchlist.Join("")
 		var/logcount = 0
 		var/logssperpage = 20
 		var/pagecount = 0
 		page = text2num(page)
-		var/datum/DBQuery/query_count_admin_logs = SSdbcore.NewQuery("SELECT COUNT(id) FROM [format_table_name("admin_log")][search]")
+		var/datum/db_query/query_count_admin_logs = SSdbcore.NewQuery(
+			"SELECT COUNT(id) FROM [format_table_name("admin_log")] WHERE (:target IS NULL OR adminckey = :target) AND (:operation IS NULL OR operation = :operation)",
+			list("target" = target, "operation" = operation)
+		)
 		if(!query_count_admin_logs.warn_execute())
 			qdel(query_count_admin_logs)
 			return
@@ -43,8 +36,20 @@
 				logcount -= logssperpage
 				pagecount++
 			output += "|"
-		var/limit = " LIMIT [logssperpage * page], [logssperpage]"
-		var/datum/DBQuery/query_search_admin_logs = SSdbcore.NewQuery("SELECT datetime, round_id, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey), operation, IF(ckey IS NULL, target, byond_key), log FROM [format_table_name("admin_log")] LEFT JOIN [format_table_name("player")] ON target = ckey[search] ORDER BY datetime DESC[limit]")
+		var/datum/db_query/query_search_admin_logs = SSdbcore.NewQuery({"
+			SELECT
+				datetime,
+				round_id,
+				IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
+				operation,
+				IF(ckey IS NULL, target, byond_key),
+				log
+			FROM [format_table_name("admin_log")]
+			LEFT JOIN [format_table_name("player")] ON target = ckey
+			WHERE (:target IS NULL OR ckey = :target) AND (:operation IS NULL OR operation = :operation)
+			ORDER BY datetime DESC
+			LIMIT :skip, :take
+		"}, list("target" = target, "operation" = operation, "skip" = logssperpage * page, "take" = logssperpage))
 		if(!query_search_admin_logs.warn_execute())
 			qdel(query_search_admin_logs)
 			return
@@ -59,7 +64,7 @@
 		qdel(query_search_admin_logs)
 	if(action == 2)
 		output += "<h3>Admin ckeys with invalid ranks</h3>"
-		var/datum/DBQuery/query_check_admin_errors = SSdbcore.NewQuery("SELECT IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("admin")].ckey), ckey), [format_table_name("admin")].rank FROM [format_table_name("admin")] LEFT JOIN [format_table_name("admin_ranks")] ON [format_table_name("admin_ranks")].rank = [format_table_name("admin")].rank WHERE [format_table_name("admin_ranks")].rank IS NULL")
+		var/datum/db_query/query_check_admin_errors = SSdbcore.NewQuery("SELECT IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE [format_table_name("player")].ckey = [format_table_name("admin")].ckey), ckey), [format_table_name("admin")].`rank` FROM [format_table_name("admin")] LEFT JOIN [format_table_name("admin_ranks")] ON [format_table_name("admin_ranks")].`rank` = [format_table_name("admin")].`rank` WHERE [format_table_name("admin_ranks")].`rank` IS NULL")
 		if(!query_check_admin_errors.warn_execute())
 			qdel(query_check_admin_errors)
 			return
@@ -70,7 +75,7 @@
 			output += "<hr style='background:#000000; border:0; height:1px'>"
 		qdel(query_check_admin_errors)
 		output += "<h3>Unused ranks</h3>"
-		var/datum/DBQuery/query_check_unused_rank = SSdbcore.NewQuery("SELECT [format_table_name("admin_ranks")].rank, flags, exclude_flags, can_edit_flags FROM [format_table_name("admin_ranks")] LEFT JOIN [format_table_name("admin")] ON [format_table_name("admin")].rank = [format_table_name("admin_ranks")].rank WHERE [format_table_name("admin")].rank IS NULL")
+		var/datum/db_query/query_check_unused_rank = SSdbcore.NewQuery("SELECT [format_table_name("admin_ranks")].`rank`, flags, exclude_flags, can_edit_flags FROM [format_table_name("admin_ranks")] LEFT JOIN [format_table_name("admin")] ON [format_table_name("admin")].`rank` = [format_table_name("admin_ranks")].`rank` WHERE [format_table_name("admin")].`rank` IS NULL")
 		if(!query_check_unused_rank.warn_execute())
 			qdel(query_check_unused_rank)
 			return
@@ -130,7 +135,7 @@
 		log_admin("[key_name(usr)] attempted to edit admin permissions without sufficient rights.")
 		return
 	if(IsAdminAdvancedProcCall())
-		to_chat(usr, "<span class='admin prefix'>Admin Edit blocked: Advanced ProcCall detected.</span>")
+		to_chat(usr, "<span class='admin prefix'>Admin Edit blocked: Advanced ProcCall detected.</span>", confidential = TRUE)
 		return
 	var/datum/asset/permissions_assets = get_asset_datum(/datum/asset/simple/permissions)
 	permissions_assets.send(src)
@@ -145,19 +150,19 @@
 		skip = TRUE
 	if(!CONFIG_GET(flag/admin_legacy_system) && CONFIG_GET(flag/protect_legacy_admins) && task == "rank")
 		if(admin_ckey in GLOB.protected_admins)
-			to_chat(usr, "<span class='admin prefix'>Editing the rank of this admin is blocked by server configuration.</span>")
+			to_chat(usr, "<span class='admin prefix'>Editing the rank of this admin is blocked by server configuration.</span>", confidential = TRUE)
 			return
 	if(!CONFIG_GET(flag/admin_legacy_system) && CONFIG_GET(flag/protect_legacy_ranks) && task == "permissions")
 		if(D.rank in GLOB.protected_ranks)
-			to_chat(usr, "<span class='admin prefix'>Editing the flags of this rank is blocked by server configuration.</span>")
+			to_chat(usr, "<span class='admin prefix'>Editing the flags of this rank is blocked by server configuration.</span>", confidential = TRUE)
 			return
 	if(CONFIG_GET(flag/load_legacy_ranks_only) && (task == "add" || task == "rank" || task == "permissions"))
-		to_chat(usr, "<span class='admin prefix'>Database rank loading is disabled, only temporary changes can be made to a rank's permissions and permanently creating a new rank is blocked.</span>")
+		to_chat(usr, "<span class='admin prefix'>Database rank loading is disabled, only temporary changes can be made to a rank's permissions and permanently creating a new rank is blocked.</span>", confidential = TRUE)
 		legacy_only = TRUE
 	if(check_rights(R_DBRANKS, FALSE))
 		if(!skip)
 			if(!SSdbcore.Connect())
-				to_chat(usr, "<span class='danger'>Unable to connect to database, changes are temporary only.</span>")
+				to_chat(usr, "<span class='danger'>Unable to connect to database, changes are temporary only.</span>", confidential = TRUE)
 				use_db = FALSE
 			else
 				use_db = alert("Permanent changes are saved to the database for future rounds, temporary changes will affect only the current round", "Permanent or Temporary?", "Permanent", "Temporary", "Cancel")
@@ -165,7 +170,6 @@
 					return
 				if(use_db == "Permanent")
 					use_db = TRUE
-					admin_ckey = sanitizeSQL(admin_ckey)
 				else
 					use_db = FALSE
 			if(QDELETED(usr))
@@ -209,26 +213,34 @@
 	if(!.)
 		return FALSE
 	if(!admin_ckey && (. in GLOB.admin_datums+GLOB.deadmins))
-		to_chat(usr, "<span class='danger'>[admin_key] is already an admin.</span>")
+		to_chat(usr, "<span class='danger'>[admin_key] is already an admin.</span>", confidential = TRUE)
 		return FALSE
 	if(use_db)
-		. = sanitizeSQL(.)
 		//if an admin exists without a datum they won't be caught by the above
-		var/datum/DBQuery/query_admin_in_db = SSdbcore.NewQuery("SELECT 1 FROM [format_table_name("admin")] WHERE ckey = '[.]'")
+		var/datum/db_query/query_admin_in_db = SSdbcore.NewQuery(
+			"SELECT 1 FROM [format_table_name("admin")] WHERE ckey = :ckey",
+			list("ckey" = .)
+		)
 		if(!query_admin_in_db.warn_execute())
 			qdel(query_admin_in_db)
 			return FALSE
 		if(query_admin_in_db.NextRow())
 			qdel(query_admin_in_db)
-			to_chat(usr, "<span class='danger'>[admin_key] already listed in admin database. Check the Management tab if they don't appear in the list of admins.</span>")
+			to_chat(usr, "<span class='danger'>[admin_key] already listed in admin database. Check the Management tab if they don't appear in the list of admins.</span>", confidential = TRUE)
 			return FALSE
 		qdel(query_admin_in_db)
-		var/datum/DBQuery/query_add_admin = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin")] (ckey, rank) VALUES ('[.]', 'NEW ADMIN')")
+		var/datum/db_query/query_add_admin = SSdbcore.NewQuery(
+			"INSERT INTO [format_table_name("admin")] (ckey, `rank`) VALUES (:ckey, 'NEW ADMIN')",
+			list("ckey" = .)
+		)
 		if(!query_add_admin.warn_execute())
 			qdel(query_add_admin)
 			return FALSE
 		qdel(query_add_admin)
-		var/datum/DBQuery/query_add_admin_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'add admin', '[.]', 'New admin added: [.]')")
+		var/datum/db_query/query_add_admin_log = SSdbcore.NewQuery({"
+			INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
+			VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'add admin', :target, CONCAT('New admin added: ', :target))
+		"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "target" = .))
 		if(!query_add_admin_log.warn_execute())
 			qdel(query_add_admin_log)
 			return FALSE
@@ -243,12 +255,18 @@
 		var/m1 = "[key_name_admin(usr)] removed [admin_key] from the admins list [use_db ? "permanently" : "temporarily"]"
 		var/m2 = "[key_name(usr)] removed [admin_key] from the admins list [use_db ? "permanently" : "temporarily"]"
 		if(use_db)
-			var/datum/DBQuery/query_add_rank = SSdbcore.NewQuery("DELETE FROM [format_table_name("admin")] WHERE ckey = '[admin_ckey]'")
+			var/datum/db_query/query_add_rank = SSdbcore.NewQuery(
+				"DELETE FROM [format_table_name("admin")] WHERE ckey = :ckey",
+				list("ckey" = admin_ckey)
+			)
 			if(!query_add_rank.warn_execute())
 				qdel(query_add_rank)
 				return
 			qdel(query_add_rank)
-			var/datum/DBQuery/query_add_rank_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'remove admin', '[admin_ckey]', 'Admin removed: [admin_ckey]')")
+			var/datum/db_query/query_add_rank_log = SSdbcore.NewQuery({"
+				INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
+				VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'remove admin', :admin_ckey, CONCAT('Admin removed: ', :admin_ckey))
+			"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "admin_ckey" = admin_ckey))
 			if(!query_add_rank_log.warn_execute())
 				qdel(query_add_rank_log)
 				return
@@ -271,6 +289,14 @@
 	log_admin("[key_name(usr)] forcefully deadmined [admin_key]")
 	D.deactivate() //after logs so the deadmined admin can see the message.

+/datum/admins/proc/auto_deadmin()
+	to_chat(owner, "<span class='interface'>You are now a normal player.</span>", confidential = TRUE)
+	var/old_owner = owner
+	deactivate()
+	message_admins("[old_owner] deadmined via auto-deadmin config.")
+	log_admin("[old_owner] deadmined via auto-deadmin config.")
+	return TRUE
+
 /datum/admins/proc/change_admin_rank(admin_ckey, admin_key, use_db, datum/admins/D, legacy_only)
 	var/datum/admin_rank/R
 	var/list/rank_names = list()
@@ -281,7 +307,7 @@
 			rank_names[R.name] = R
 	var/new_rank = input("Please select a rank", "New rank") as null|anything in rank_names
 	if(new_rank == "*New Rank*")
-		new_rank = ckeyEx(input("Please input a new rank", "New custom rank") as text|null)
+		new_rank = input("Please input a new rank", "New custom rank") as text|null
 	if(!new_rank)
 		return
 	R = rank_names[new_rank]
@@ -294,10 +320,12 @@
 	var/m1 = "[key_name_admin(usr)] edited the admin rank of [admin_key] to [new_rank] [use_db ? "permanently" : "temporarily"]"
 	var/m2 = "[key_name(usr)] edited the admin rank of [admin_key] to [new_rank] [use_db ? "permanently" : "temporarily"]"
 	if(use_db)
-		new_rank = sanitizeSQL(new_rank)
 		//if a player was tempminned before having a permanent change made to their rank they won't yet be in the db
 		var/old_rank
-		var/datum/DBQuery/query_admin_in_db = SSdbcore.NewQuery("SELECT rank FROM [format_table_name("admin")] WHERE ckey = '[admin_ckey]'")
+		var/datum/db_query/query_admin_in_db = SSdbcore.NewQuery(
+			"SELECT `rank` FROM [format_table_name("admin")] WHERE ckey = :admin_ckey",
+			list("admin_ckey" = admin_ckey)
+		)
 		if(!query_admin_in_db.warn_execute())
 			qdel(query_admin_in_db)
 			return
@@ -308,29 +336,44 @@
 			old_rank = query_admin_in_db.item[1]
 		qdel(query_admin_in_db)
 		//similarly if a temp rank is created it won't be in the db if someone is permanently changed to it
-		var/datum/DBQuery/query_rank_in_db = SSdbcore.NewQuery("SELECT 1 FROM [format_table_name("admin_ranks")] WHERE rank = '[new_rank]'")
+		var/datum/db_query/query_rank_in_db = SSdbcore.NewQuery(
+			"SELECT 1 FROM [format_table_name("admin_ranks")] WHERE `rank` = :new_rank",
+			list("new_rank" = new_rank)
+		)
 		if(!query_rank_in_db.warn_execute())
 			qdel(query_rank_in_db)
 			return
 		if(!query_rank_in_db.NextRow())
 			QDEL_NULL(query_rank_in_db)
-			var/datum/DBQuery/query_add_rank = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_ranks")] (rank, flags, exclude_flags, can_edit_flags) VALUES ('[new_rank]', '0', '0', '0')")
+			var/datum/db_query/query_add_rank = SSdbcore.NewQuery({"
+				INSERT INTO [format_table_name("admin_ranks")] (`rank`, flags, exclude_flags, can_edit_flags)
+				VALUES (:new_rank, '0', '0', '0')
+			"}, list("new_rank" = new_rank))
 			if(!query_add_rank.warn_execute())
 				qdel(query_add_rank)
 				return
 			qdel(query_add_rank)
-			var/datum/DBQuery/query_add_rank_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'add rank', '[new_rank]', 'New rank added: [new_rank]')")
+			var/datum/db_query/query_add_rank_log = SSdbcore.NewQuery({"
+				INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
+				VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'add rank', :new_rank, CONCAT('New rank added: ', :new_rank))
+			"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "new_rank" = new_rank))
 			if(!query_add_rank_log.warn_execute())
 				qdel(query_add_rank_log)
 				return
 			qdel(query_add_rank_log)
 		qdel(query_rank_in_db)
-		var/datum/DBQuery/query_change_rank = SSdbcore.NewQuery("UPDATE [format_table_name("admin")] SET rank = '[new_rank]' WHERE ckey = '[admin_ckey]'")
+		var/datum/db_query/query_change_rank = SSdbcore.NewQuery(
+			"UPDATE [format_table_name("admin")] SET `rank` = :new_rank WHERE ckey = :admin_ckey",
+			list("new_rank" = new_rank, "admin_ckey" = admin_ckey)
+		)
 		if(!query_change_rank.warn_execute())
 			qdel(query_change_rank)
 			return
 		qdel(query_change_rank)
-		var/datum/DBQuery/query_change_rank_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'change admin rank', '[admin_ckey]', 'Rank of [admin_ckey] changed from [old_rank] to [new_rank]')")
+		var/datum/db_query/query_change_rank_log = SSdbcore.NewQuery({"
+			INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
+			VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'change admin rank', :target, CONCAT('Rank of ', :target, ' changed from ', :old_rank, ' to ', :new_rank))
+		"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "target" = admin_ckey, "old_rank" = old_rank, "new_rank" = new_rank))
 		if(!query_change_rank_log.warn_execute())
 			qdel(query_change_rank_log)
 			return
@@ -357,11 +400,15 @@
 		return
 	var/m1 = "[key_name_admin(usr)] edited the permissions of [use_db ? " rank [D.rank.name] permanently" : "[admin_key] temporarily"]"
 	var/m2 = "[key_name(usr)] edited the permissions of [use_db ? " rank [D.rank.name] permanently" : "[admin_key] temporarily"]"
-	if(use_db || legacy_only)
+	if(use_db && !legacy_only)
+		var/rank_name = D.rank.name
 		var/old_flags
 		var/old_exclude_flags
 		var/old_can_edit_flags
-		var/datum/DBQuery/query_get_rank_flags = SSdbcore.NewQuery("SELECT flags, exclude_flags, can_edit_flags FROM [format_table_name("admin_ranks")] WHERE rank = '[D.rank.name]'")
+		var/datum/db_query/query_get_rank_flags = SSdbcore.NewQuery(
+			"SELECT flags, exclude_flags, can_edit_flags FROM [format_table_name("admin_ranks")] WHERE `rank` = :rank_name",
+			list("rank_name" = rank_name)
+		)
 		if(!query_get_rank_flags.warn_execute())
 			qdel(query_get_rank_flags)
 			return
@@ -370,12 +417,19 @@
 			old_exclude_flags = text2num(query_get_rank_flags.item[2])
 			old_can_edit_flags = text2num(query_get_rank_flags.item[3])
 		qdel(query_get_rank_flags)
-		var/datum/DBQuery/query_change_rank_flags = SSdbcore.NewQuery("UPDATE [format_table_name("admin_ranks")] SET flags = '[new_flags]', exclude_flags = '[new_exclude_flags]', can_edit_flags = '[new_can_edit_flags]' WHERE rank = '[D.rank.name]'")
+		var/datum/db_query/query_change_rank_flags = SSdbcore.NewQuery(
+			"UPDATE [format_table_name("admin_ranks")] SET flags = :new_flags, exclude_flags = :new_exclude_flags, can_edit_flags = :new_can_edit_flags WHERE `rank` = :rank_name",
+			list("new_flags" = new_flags, "new_exclude_flags" = new_exclude_flags, "new_can_edit_flags" = new_can_edit_flags, "rank_name" = rank_name)
+		)
 		if(!query_change_rank_flags.warn_execute())
 			qdel(query_change_rank_flags)
 			return
 		qdel(query_change_rank_flags)
-		var/datum/DBQuery/query_change_rank_flags_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'change rank flags', '[D.rank.name]', 'Permissions of [D.rank.name] changed from[rights2text(old_flags," ")][rights2text(old_exclude_flags," ", "-")][rights2text(old_can_edit_flags," ", "*")] to[rights2text(new_flags," ")][rights2text(new_exclude_flags," ", "-")][rights2text(new_can_edit_flags," ", "*")]')")
+		var/log_message = "Permissions of [rank_name] changed from[rights2text(old_flags," ")][rights2text(old_exclude_flags," ", "-")][rights2text(old_can_edit_flags," ", "*")] to[rights2text(new_flags," ")][rights2text(new_exclude_flags," ", "-")][rights2text(new_can_edit_flags," ", "*")]"
+		var/datum/db_query/query_change_rank_flags_log = SSdbcore.NewQuery({"
+			INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
+			VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'change rank flags', :rank_name, :log)
+		"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "rank_name" = rank_name, "log" = log_message))
 		if(!query_change_rank_flags_log.warn_execute())
 			qdel(query_change_rank_flags_log)
 			return
@@ -418,33 +472,41 @@
 		return
 	for(var/datum/admin_rank/R in GLOB.admin_ranks)
 		if(R.name == admin_rank && (!(R.rights & usr.client.holder.rank.can_edit_rights) == R.rights))
-			to_chat(usr, "<span class='admin prefix'>You don't have edit rights to all the rights this rank has, rank deletion not permitted.</span>")
+			to_chat(usr, "<span class='admin prefix'>You don't have edit rights to all the rights this rank has, rank deletion not permitted.</span>", confidential = TRUE)
 			return
 	if(!CONFIG_GET(flag/admin_legacy_system) && CONFIG_GET(flag/protect_legacy_ranks) && (admin_rank in GLOB.protected_ranks))
-		to_chat(usr, "<span class='admin prefix'>Deletion of protected ranks is not permitted, it must be removed from admin_ranks.txt.</span>")
+		to_chat(usr, "<span class='admin prefix'>Deletion of protected ranks is not permitted, it must be removed from admin_ranks.txt.</span>", confidential = TRUE)
 		return
 	if(CONFIG_GET(flag/load_legacy_ranks_only))
-		to_chat(usr, "<span class='admin prefix'>Rank deletion not permitted while database rank loading is disabled.</span>")
+		to_chat(usr, "<span class='admin prefix'>Rank deletion not permitted while database rank loading is disabled.</span>", confidential = TRUE)
 		return
-	admin_rank = sanitizeSQL(admin_rank)
-	var/datum/DBQuery/query_admins_with_rank = SSdbcore.NewQuery("SELECT 1 FROM [format_table_name("admin")] WHERE rank = '[admin_rank]'")
+	var/datum/db_query/query_admins_with_rank = SSdbcore.NewQuery(
+		"SELECT 1 FROM [format_table_name("admin")] WHERE `rank` = :admin_rank",
+		list("admin_rank" = admin_rank)
+	)
 	if(!query_admins_with_rank.warn_execute())
 		qdel(query_admins_with_rank)
 		return
 	if(query_admins_with_rank.NextRow())
 		qdel(query_admins_with_rank)
-		to_chat(usr, "<span class='danger'>Error: Rank deletion attempted while rank still used; Tell a coder, this shouldn't happen.</span>")
+		to_chat(usr, "<span class='danger'>Error: Rank deletion attempted while rank still used; Tell a coder, this shouldn't happen.</span>", confidential = TRUE)
 		return
 	qdel(query_admins_with_rank)
 	if(alert("Are you sure you want to remove [admin_rank]?","Confirm Removal","Do it","Cancel") == "Do it")
 		var/m1 = "[key_name_admin(usr)] removed rank [admin_rank] permanently"
 		var/m2 = "[key_name(usr)] removed rank [admin_rank] permanently"
-		var/datum/DBQuery/query_add_rank = SSdbcore.NewQuery("DELETE FROM [format_table_name("admin_ranks")] WHERE rank = '[admin_rank]'")
+		var/datum/db_query/query_add_rank = SSdbcore.NewQuery(
+			"DELETE FROM [format_table_name("admin_ranks")] WHERE `rank` = :admin_rank",
+			list("admin_rank" = admin_rank)
+		)
 		if(!query_add_rank.warn_execute())
 			qdel(query_add_rank)
 			return
 		qdel(query_add_rank)
-		var/datum/DBQuery/query_add_rank_log = SSdbcore.NewQuery("INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log) VALUES ('[SQLtime()]', '[GLOB.round_id]', '[sanitizeSQL(usr.ckey)]', INET_ATON('[sanitizeSQL(usr.client.address)]'), 'remove rank', '[admin_rank]', 'Rank removed: [admin_rank]')")
+		var/datum/db_query/query_add_rank_log = SSdbcore.NewQuery({"
+			INSERT INTO [format_table_name("admin_log")] (datetime, round_id, adminckey, adminip, operation, target, log)
+			VALUES (:time, :round_id, :adminckey, INET_ATON(:adminip), 'remove rank', :admin_rank, CONCAT('Rank removed: ', :admin_rank))
+		"}, list("time" = SQLtime(), "round_id" = "[GLOB.round_id]", "adminckey" = usr.ckey, "adminip" = usr.client.address, "admin_rank" = admin_rank))
 		if(!query_add_rank_log.warn_execute())
 			qdel(query_add_rank_log)
 			return
@@ -455,11 +517,13 @@
 /datum/admins/proc/sync_lastadminrank(admin_ckey, admin_key, datum/admins/D)
 	var/sqlrank = "Player"
 	if (D)
-		sqlrank = sanitizeSQL(D.rank.name)
-	admin_ckey = sanitizeSQL(admin_ckey)
-	var/datum/DBQuery/query_sync_lastadminrank = SSdbcore.NewQuery("UPDATE [format_table_name("player")] SET lastadminrank = '[sqlrank]' WHERE ckey = '[admin_ckey]'")
+		sqlrank = D.rank.name
+	var/datum/db_query/query_sync_lastadminrank = SSdbcore.NewQuery(
+		"UPDATE [format_table_name("player")] SET lastadminrank = :rank WHERE ckey = :ckey",
+		list("rank" = sqlrank, "ckey" = admin_ckey)
+	)
 	if(!query_sync_lastadminrank.warn_execute())
 		qdel(query_sync_lastadminrank)
 		return
 	qdel(query_sync_lastadminrank)
-	to_chat(usr, "<span class='admin'>Sync of [admin_key] successful.</span>")
+	to_chat(usr, "<span class='admin'>Sync of [admin_key] successful.</span>", confidential = TRUE)
@@ -1,6 +1,6 @@
 /proc/create_message(type, target_key, admin_ckey, text, timestamp, server, secret, logged = 1, browse, expiry, note_severity)
 	if(!SSdbcore.Connect())
-		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
+		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential = TRUE)
 		return
 	if(!type)
 		return
@@ -9,8 +9,11 @@
 		var/new_key = input(usr,"Who would you like to create a [type] for?","Enter a key or ckey",null) as null|text
 		if(!new_key)
 			return
-		var/new_ckey = sanitizeSQL(ckey(new_key))
-		var/datum/DBQuery/query_find_ckey = SSdbcore.NewQuery("SELECT ckey FROM [format_table_name("player")] WHERE ckey = '[new_ckey]'")
+		var/new_ckey = ckey(new_key)
+		var/datum/db_query/query_find_ckey = SSdbcore.NewQuery(
+			"SELECT ckey FROM [format_table_name("player")] WHERE ckey = :ckey",
+			list("ckey" = new_ckey)
+		)
 		if(!query_find_ckey.warn_execute())
 			qdel(query_find_ckey)
 			return
@@ -23,29 +26,24 @@
 		target_key = new_key
 	if(QDELETED(usr))
 		return
-	if(target_ckey)
-		target_ckey = sanitizeSQL(target_ckey)
 	if(!target_key)
 		target_key = target_ckey
 	if(!admin_ckey)
 		admin_ckey = usr.ckey
 		if(!admin_ckey)
 			return
-	admin_ckey = sanitizeSQL(admin_ckey)
 	if(!target_ckey)
 		target_ckey = admin_ckey
 	if(!text)
 		text = input(usr,"Write your [type]","Create [type]") as null|message
 		if(!text)
 			return
-	text = sanitizeSQL(text)
 	if(!timestamp)
 		timestamp = SQLtime()
 	if(!server)
 		var/ssqlname = CONFIG_GET(string/serversqlname)
 		if (ssqlname)
 			server = ssqlname
-	server = sanitizeSQL(server)
 	if(isnull(secret))
 		switch(alert("Hide note from being viewed by players?", "Secret note?","Yes","No","Cancel"))
 			if("Yes")
@@ -59,15 +57,17 @@
 			var/expire_time = input("Set expiry time for [type] as format YYYY-MM-DD HH:MM:SS. All times in server time. HH:MM:SS is optional and 24-hour. Must be later than current time for obvious reasons.", "Set expiry time", SQLtime()) as null|text
 			if(!expire_time)
 				return
-			expire_time = sanitizeSQL(expire_time)
-			var/datum/DBQuery/query_validate_expire_time = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE('[expire_time]','%Y-%c-%d %T') > NOW(), STR_TO_DATE('[expire_time]','%Y-%c-%d %T'), 0)")
+			var/datum/db_query/query_validate_expire_time = SSdbcore.NewQuery(
+				"SELECT IF(STR_TO_DATE(:expire_time,'%Y-%c-%d %T') > NOW(), STR_TO_DATE(:expire_time,'%Y-%c-%d %T'), 0)",
+				list("expire_time" = expire_time)
+			)
 			if(!query_validate_expire_time.warn_execute())
 				qdel(query_validate_expire_time)
 				return
 			if(query_validate_expire_time.NextRow())
 				var/checktime = text2num(query_validate_expire_time.item[1])
 				if(!checktime)
-					to_chat(usr, "Datetime entered is improperly formatted or not later than current server time.")
+					to_chat(usr, "Datetime entered is improperly formatted or not later than current server time.", confidential = TRUE)
 					qdel(query_validate_expire_time)
 					return
 				expiry = query_validate_expire_time.item[1]
@@ -76,8 +76,23 @@
 		note_severity = input("Set the severity of the note.", "Severity", null, null) as null|anything in list("High", "Medium", "Minor", "None")
 		if(!note_severity)
 			return
-	note_severity = sanitizeSQL(note_severity)
-	var/datum/DBQuery/query_create_message = SSdbcore.NewQuery("INSERT INTO [format_table_name("messages")] (type, targetckey, adminckey, text, timestamp, server, server_ip, server_port, round_id, secret, expire_timestamp, severity) VALUES ('[type]', '[target_ckey]', '[admin_ckey]', '[text]', '[timestamp]', '[server]', INET_ATON(IF('[world.internet_address]' LIKE '', '0', '[world.internet_address]')), '[world.port]', '[GLOB.round_id]','[secret]', [expiry ? "'[expiry]'" : "NULL"], [note_severity ? "'[note_severity]'" : "NULL"])")
+	var/datum/db_query/query_create_message = SSdbcore.NewQuery({"
+		INSERT INTO [format_table_name("messages")] (type, targetckey, adminckey, text, timestamp, server, server_ip, server_port, round_id, secret, expire_timestamp, severity)
+		VALUES (:type, :target_ckey, :admin_ckey, :text, :timestamp, :server, INET_ATON(:internet_address), :port, :round_id, :secret, :expiry, :note_severity)
+	"}, list(
+		"type" = type,
+		"target_ckey" = target_ckey,
+		"admin_ckey" = admin_ckey,
+		"text" = text,
+		"timestamp" = timestamp,
+		"server" = server,
+		"internet_address" = world.internet_address || "0",
+		"port" = "[world.port]",
+		"round_id" = GLOB.round_id,
+		"secret" = secret,
+		"expiry" = expiry || null,
+		"note_severity" = note_severity,
+	))
 	var/pm = "[key_name(usr)] has created a [type][(type == "note" || type == "message" || type == "watchlist entry") ? " for [target_key]" : ""]: [text]"
 	var/header = "[key_name_admin(usr)] has created a [type][(type == "note" || type == "message" || type == "watchlist entry") ? " for [target_key]" : ""]"
 	if(!query_create_message.warn_execute())
@@ -96,7 +111,7 @@

 /proc/delete_message(message_id, logged = 1, browse)
 	if(!SSdbcore.Connect())
-		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
+		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential = TRUE)
 		return
 	message_id = text2num(message_id)
 	if(!message_id)
@@ -106,7 +121,11 @@
 	var/text
 	var/user_key_name = key_name(usr)
 	var/user_name_admin = key_name_admin(usr)
-	var/datum/DBQuery/query_find_del_message = SSdbcore.NewQuery("SELECT type, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey), text FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
+	var/deleted_by_ckey = usr.ckey
+	var/datum/db_query/query_find_del_message = SSdbcore.NewQuery(
+		"SELECT type, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey), text FROM [format_table_name("messages")] WHERE id = :id AND deleted = 0",
+		list("id" = message_id)
+	)
 	if(!query_find_del_message.warn_execute())
 		qdel(query_find_del_message)
 		return
@@ -115,7 +134,10 @@
 		target_key = query_find_del_message.item[2]
 		text = query_find_del_message.item[3]
 	qdel(query_find_del_message)
-	var/datum/DBQuery/query_del_message = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET deleted = 1 WHERE id = [message_id]")
+	var/datum/db_query/query_del_message = SSdbcore.NewQuery(
+		"UPDATE [format_table_name("messages")] SET deleted = 1, deleted_ckey = :deleted_ckey WHERE id = :id",
+		list("deleted_ckey" = deleted_by_ckey, "id" = message_id)
+	)
 	if(!query_del_message.warn_execute())
 		qdel(query_del_message)
 		return
@@ -132,16 +154,24 @@

 /proc/edit_message(message_id, browse)
 	if(!SSdbcore.Connect())
-		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
+		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential = TRUE)
 		return
 	message_id = text2num(message_id)
 	if(!message_id)
 		return
-	var/editor_ckey = sanitizeSQL(usr.ckey)
-	var/editor_key = sanitizeSQL(usr.key)
+	var/editor_ckey = usr.ckey
+	var/editor_key = usr.key
 	var/kn = key_name(usr)
 	var/kna = key_name_admin(usr)
-	var/datum/DBQuery/query_find_edit_message = SSdbcore.NewQuery("SELECT type, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey), IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), targetckey), text FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
+	var/datum/db_query/query_find_edit_message = SSdbcore.NewQuery({"
+		SELECT
+			type,
+			IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
+			IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), targetckey),
+			text
+		FROM [format_table_name("messages")]
+		WHERE id = :id AND deleted = 0
+	"}, list("id" = message_id))
 	if(!query_find_edit_message.warn_execute())
 		qdel(query_find_edit_message)
 		return
@@ -154,9 +184,12 @@
 		if(!new_text)
 			qdel(query_find_edit_message)
 			return
-		new_text = sanitizeSQL(new_text)
-		var/edit_text = sanitizeSQL("Edited by [editor_key] on [SQLtime()] from<br>[old_text]<br>to<br>[new_text]<hr>")
-		var/datum/DBQuery/query_edit_message = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET text = '[new_text]', lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id] AND deleted = 0")
+		var/edit_text = "Edited by [editor_key] on [SQLtime()] from<br>[old_text]<br>to<br>[new_text]<hr>"
+		var/datum/db_query/query_edit_message = SSdbcore.NewQuery({"
+			UPDATE [format_table_name("messages")]
+			SET text = :text, lasteditor = :lasteditor, edits = CONCAT(IFNULL(edits,''),:edit_text)
+			WHERE id = :id AND deleted = 0
+		"}, list("text" = new_text, "lasteditor" = editor_ckey, "edit_text" = edit_text, "id" = message_id))
 		if(!query_edit_message.warn_execute())
 			qdel(query_edit_message)
 			return
@@ -171,16 +204,24 @@

 /proc/edit_message_expiry(message_id, browse)
 	if(!SSdbcore.Connect())
-		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
+		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential = TRUE)
 		return
 	message_id = text2num(message_id)
 	if(!message_id)
 		return
-	var/editor_ckey = sanitizeSQL(usr.ckey)
-	var/editor_key = sanitizeSQL(usr.key)
+	var/editor_ckey = usr.ckey
+	var/editor_key = usr.key
 	var/kn = key_name(usr)
 	var/kna = key_name_admin(usr)
-	var/datum/DBQuery/query_find_edit_expiry_message = SSdbcore.NewQuery("SELECT type, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey), IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey), expire_timestamp FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
+	var/datum/db_query/query_find_edit_expiry_message = SSdbcore.NewQuery({"
+		SELECT
+			type,
+			IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
+			IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
+			expire_timestamp
+		FROM [format_table_name("messages")]
+		WHERE id = :id AND deleted = 0
+	"}, list("id" = message_id))
 	if(!query_find_edit_expiry_message.warn_execute())
 		qdel(query_find_edit_expiry_message)
 		return
@@ -197,8 +238,9 @@
 		if(expire_time == "-1")
 			new_expiry = "non-expiring"
 		else
-			expire_time = sanitizeSQL(expire_time)
-			var/datum/DBQuery/query_validate_expire_time_edit = SSdbcore.NewQuery("SELECT IF(STR_TO_DATE('[expire_time]','%Y-%c-%d %T') > NOW(), STR_TO_DATE('[expire_time]','%Y-%c-%d %T'), 0)")
+			var/datum/db_query/query_validate_expire_time_edit = SSdbcore.NewQuery({"
+				SELECT IF(STR_TO_DATE(:expire_time,'%Y-%c-%d %T') > NOW(), STR_TO_DATE(:expire_time,'%Y-%c-%d %T'), 0)
+			"}, list("expire_time" = expire_time))
 			if(!query_validate_expire_time_edit.warn_execute())
 				qdel(query_validate_expire_time_edit)
 				qdel(query_find_edit_expiry_message)
@@ -206,14 +248,18 @@
 			if(query_validate_expire_time_edit.NextRow())
 				var/checktime = text2num(query_validate_expire_time_edit.item[1])
 				if(!checktime)
-					to_chat(usr, "Datetime entered is improperly formatted or not later than current server time.")
+					to_chat(usr, "Datetime entered is improperly formatted or not later than current server time.", confidential = TRUE)
 					qdel(query_validate_expire_time_edit)
 					qdel(query_find_edit_expiry_message)
 					return
 				new_expiry = query_validate_expire_time_edit.item[1]
 			qdel(query_validate_expire_time_edit)
-		var/edit_text = sanitizeSQL("Expiration time edited by [editor_key] on [SQLtime()] from [old_expiry] to [new_expiry]<hr>")
-		var/datum/DBQuery/query_edit_message_expiry = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET expire_timestamp = [expire_time == "-1" ? "NULL" : "'[new_expiry]'"], lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id] AND deleted = 0")
+		var/edit_text = "Expiration time edited by [editor_key] on [SQLtime()] from [old_expiry] to [new_expiry]<hr>"
+		var/datum/db_query/query_edit_message_expiry = SSdbcore.NewQuery({"
+			UPDATE [format_table_name("messages")]
+			SET expire_timestamp = :expire_time, lasteditor = :lasteditor, edits = CONCAT(IFNULL(edits,''),:edit_text)
+			WHERE id = :id AND deleted = 0
+		"}, list("expire_time" = (expire_time == "-1" ? null : new_expiry), "lasteditor" = editor_ckey, "edit_text" = edit_text, "id" = message_id))
 		if(!query_edit_message_expiry.warn_execute())
 			qdel(query_edit_message_expiry)
 			qdel(query_find_edit_expiry_message)
@@ -229,14 +275,22 @@

 /proc/edit_message_severity(message_id)
 	if(!SSdbcore.Connect())
-		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
+		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential = TRUE)
 		return
 	message_id = text2num(message_id)
 	if(!message_id)
 		return
 	var/kn = key_name(usr)
 	var/kna = key_name_admin(usr)
-	var/datum/DBQuery/query_find_edit_note_severity = SSdbcore.NewQuery("SELECT type, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey), IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey), severity FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
+	var/datum/db_query/query_find_edit_note_severity = SSdbcore.NewQuery({"
+		SELECT
+			type,
+			IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
+			IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
+			severity
+		FROM [format_table_name("messages")]
+		WHERE id = :id AND deleted = 0
+	"}, list("id" = message_id))
 	if(!query_find_edit_note_severity.warn_execute())
 		qdel(query_find_edit_note_severity)
 		return
@@ -247,15 +301,19 @@
 		var/old_severity = query_find_edit_note_severity.item[4]
 		if(!old_severity)
 			old_severity = "NA"
-		var/editor_key = sanitizeSQL(usr.key)
-		var/editor_ckey = sanitizeSQL(usr.ckey)
+		var/editor_key = usr.key
+		var/editor_ckey = usr.ckey
 		var/new_severity = input("Set the severity of the note.", "Severity", null, null) as null|anything in list("high", "medium", "minor", "none") //lowercase for edit log consistency
 		if(!new_severity)
 			qdel(query_find_edit_note_severity)
 			return
-		new_severity = sanitizeSQL(new_severity)
-		var/edit_text = sanitizeSQL("Note severity edited by [editor_key] on [SQLtime()] from [old_severity] to [new_severity]<hr>")
-		var/datum/DBQuery/query_edit_note_severity = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET severity = '[new_severity]', lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id] AND deleted = 0")
+		new_severity = new_severity
+		var/edit_text = "Note severity edited by [editor_key] on [SQLtime()] from [old_severity] to [new_severity]<hr>"
+		var/datum/db_query/query_edit_note_severity = SSdbcore.NewQuery({"
+			UPDATE [format_table_name("messages")]
+			SET severity = :severity, lasteditor = :lasteditor, edits = CONCAT(IFNULL(edits,''),:edit_text)
+			WHERE id = :id AND deleted = 0
+		"}, list("severity" = new_severity, "lasteditor" = editor_ckey, "edit_text" = edit_text, "id" = message_id))
 		if(!query_edit_note_severity.warn_execute(async = TRUE))
 			qdel(query_edit_note_severity)
 			qdel(qdel(query_find_edit_note_severity))
@@ -268,16 +326,24 @@

 /proc/toggle_message_secrecy(message_id)
 	if(!SSdbcore.Connect())
-		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
+		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential = TRUE)
 		return
 	message_id = text2num(message_id)
 	if(!message_id)
 		return
-	var/editor_ckey = sanitizeSQL(usr.ckey)
-	var/editor_key = sanitizeSQL(usr.key)
+	var/editor_ckey = usr.ckey
+	var/editor_key = usr.key
 	var/kn = key_name(usr)
 	var/kna = key_name_admin(usr)
-	var/datum/DBQuery/query_find_message_secret = SSdbcore.NewQuery("SELECT type, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey), IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), targetckey), secret FROM [format_table_name("messages")] WHERE id = [message_id] AND deleted = 0")
+	var/datum/db_query/query_find_message_secret = SSdbcore.NewQuery({"
+		SELECT
+			type,
+			IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
+			IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), targetckey),
+			secret
+		FROM [format_table_name("messages")]
+		WHERE id = :id AND deleted = 0
+	"}, list("id" = message_id))
 	if(!query_find_message_secret.warn_execute())
 		qdel(query_find_message_secret)
 		return
@@ -287,7 +353,11 @@
 		var/admin_key = query_find_message_secret.item[3]
 		var/secret = text2num(query_find_message_secret.item[4])
 		var/edit_text = "Made [secret ? "not secret" : "secret"] by [editor_key] on [SQLtime()]<hr>"
-		var/datum/DBQuery/query_message_secret = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET secret = NOT secret, lasteditor = '[editor_ckey]', edits = CONCAT(IFNULL(edits,''),'[edit_text]') WHERE id = [message_id]")
+		var/datum/db_query/query_message_secret = SSdbcore.NewQuery({"
+			UPDATE [format_table_name("messages")]
+			SET secret = NOT secret, lasteditor = :lasteditor, edits = CONCAT(IFNULL(edits,''),:edit_text)
+			WHERE id = :id
+		"}, list("lasteditor" = editor_ckey, "edit_text" = edit_text, "id" = message_id))
 		if(!query_message_secret.warn_execute())
 			qdel(query_find_message_secret)
 			qdel(query_message_secret)
@@ -298,11 +368,9 @@
 		browse_messages(target_ckey = ckey(target_key), agegate = TRUE)
 	qdel(query_find_message_secret)

-/proc/browse_messages(type, target_ckey, index, linkless = FALSE, filter, agegate = FALSE, override = FALSE)
-	if((!override || IsAdminAdvancedProcCall()) && !check_rights(R_SENSITIVE))
-		return
+/proc/browse_messages(type, target_ckey, index, linkless = FALSE, filter, agegate = FALSE)
 	if(!SSdbcore.Connect())
-		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
+		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential = TRUE)
 		return
 	var/list/output = list()
 	var/ruler = "<hr style='background:#000000; border:0; height:3px'>"
@@ -329,7 +397,20 @@
 			else
 				output += "<a href='?_src_=holder;[HrefToken()];showwatchfilter=1'>Filter offline clients</a></center>"
 		output += ruler
-		var/datum/DBQuery/query_get_type_messages = SSdbcore.NewQuery("SELECT id, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey), targetckey, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey), text, timestamp, server, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), lasteditor), expire_timestamp FROM [format_table_name("messages")] WHERE type = '[type]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)")
+		var/datum/db_query/query_get_type_messages = SSdbcore.NewQuery({"
+			SELECT
+				id,
+				IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
+				targetckey,
+				IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
+				text,
+				timestamp,
+				server,
+				IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), lasteditor),
+				expire_timestamp
+			FROM [format_table_name("messages")]
+			WHERE type = :type AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)
+		"}, list("type" = type))
 		if(!query_get_type_messages.warn_execute())
 			qdel(query_get_type_messages)
 			return
@@ -362,9 +443,24 @@
 			output += "<br>[text]<hr style='background:#000000; border:0; height:1px'>"
 		qdel(query_get_type_messages)
 	if(target_ckey)
-		target_ckey = sanitizeSQL(target_ckey)
 		var/target_key
-		var/datum/DBQuery/query_get_messages = SSdbcore.NewQuery("SELECT type, secret, id, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey), text, timestamp, server, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), lasteditor), DATEDIFF(NOW(), timestamp), IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey), expire_timestamp, severity FROM [format_table_name("messages")] WHERE type <> 'memo' AND targetckey = '[target_ckey]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL) ORDER BY timestamp DESC")
+		var/datum/db_query/query_get_messages = SSdbcore.NewQuery({"
+			SELECT
+				type,
+				secret,
+				id,
+				IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
+				text,
+				timestamp,
+				server,
+				IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), lasteditor),
+				DATEDIFF(NOW(), timestamp),
+				IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey), targetckey),
+				expire_timestamp, severity
+			FROM [format_table_name("messages")]
+			WHERE type <> 'memo' AND targetckey = :targetckey AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)
+			ORDER BY timestamp DESC
+		"}, list("targetckey" = target_ckey))
 		if(!query_get_messages.warn_execute())
 			qdel(query_get_messages)
 			return
@@ -442,7 +538,9 @@
 					notedata += data
 		qdel(query_get_messages)
 		if(!target_key)
-			var/datum/DBQuery/query_get_message_key = SSdbcore.NewQuery("SELECT byond_key FROM [format_table_name("player")] WHERE ckey = '[target_ckey]'")
+			var/datum/db_query/query_get_message_key = SSdbcore.NewQuery({"
+				SELECT byond_key FROM [format_table_name("player")] WHERE ckey = :ckey
+			"}, list("ckey" = target_ckey))
 			if(!query_get_message_key.warn_execute())
 				qdel(query_get_message_key)
 				return
@@ -479,8 +577,6 @@
 		var/search
 		output += "<center><a href='?_src_=holder;[HrefToken()];addmessageempty=1'>Add message</a><a href='?_src_=holder;[HrefToken()];addwatchempty=1'>Add watchlist entry</a><a href='?_src_=holder;[HrefToken()];addnoteempty=1'>Add note</a></center>"
 		output += ruler
-		if(!isnum(index))
-			index = sanitizeSQL(index)
 		switch(index)
 			if(1)
 				search = "^."
@@ -488,7 +584,17 @@
 				search = "^\[^\[:alpha:\]\]"
 			else
 				search = "^[index]"
-		var/datum/DBQuery/query_list_messages = SSdbcore.NewQuery("SELECT DISTINCT targetckey, (SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey) FROM [format_table_name("messages")] WHERE type <> 'memo' AND targetckey REGEXP '[search]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL) ORDER BY targetckey")
+		var/datum/db_query/query_list_messages = SSdbcore.NewQuery({"
+			SELECT DISTINCT
+				targetckey,
+				(SELECT byond_key FROM [format_table_name("player")] WHERE ckey = targetckey)
+			FROM [format_table_name("messages")]
+			WHERE type <> 'memo'
+				AND targetckey REGEXP :search
+				AND deleted = 0
+				AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)
+			ORDER BY targetckey
+		"}, list("search" = search))
 		if(!query_list_messages.warn_execute())
 			qdel(query_list_messages)
 			return
@@ -512,17 +618,24 @@

 /proc/get_message_output(type, target_ckey)
 	if(!SSdbcore.Connect())
-		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
+		to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>", confidential = TRUE)
 		return
 	if(!type)
 		return
 	var/output
-	if(target_ckey)
-		target_ckey = sanitizeSQL(target_ckey)
-	var/query = "SELECT id, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey), text, timestamp, IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), lasteditor) FROM [format_table_name("messages")] WHERE type = '[type]' AND deleted = 0 AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)"
-	if(type == "message" || type == "watchlist entry")
-		query += " AND targetckey = '[target_ckey]'"
-	var/datum/DBQuery/query_get_message_output = SSdbcore.NewQuery(query)
+	var/datum/db_query/query_get_message_output = SSdbcore.NewQuery({"
+		SELECT
+			id,
+			IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = adminckey), adminckey),
+			text,
+			timestamp,
+			IFNULL((SELECT byond_key FROM [format_table_name("player")] WHERE ckey = lasteditor), lasteditor)
+		FROM [format_table_name("messages")]
+		WHERE type = :type
+		AND deleted = 0
+		AND (expire_timestamp > NOW() OR expire_timestamp IS NULL)
+		AND ((type != 'message' AND type != 'watchlist entry') OR targetckey = :targetckey)
+	"}, list("targetckey" = target_ckey, "type" = type))
 	if(!query_get_message_output.warn_execute())
 		qdel(query_get_message_output)
 		return
@@ -536,7 +649,10 @@
 			if("message")
 				output += "<font color='red' size='3'><b>Admin message left by <span class='prefix'>[admin_key]</span> on [timestamp]</b></font>"
 				output += "<br><font color='red'>[text]</font><br>"
-				var/datum/DBQuery/query_message_read = SSdbcore.NewQuery("UPDATE [format_table_name("messages")] SET type = 'message sent' WHERE id = [message_id]")
+				var/datum/db_query/query_message_read = SSdbcore.NewQuery(
+					"UPDATE [format_table_name("messages")] SET type = 'message sent' WHERE id = :id",
+					list("id" = message_id)
+				)
 				if(!query_message_read.warn_execute())
 					qdel(query_get_message_output)
 					qdel(query_message_read)
@@ -544,7 +660,7 @@
 				qdel(query_message_read)
 			if("watchlist entry")
 				message_admins("<font color='red'><B>Notice: </B></font><font color='blue'>[key_name_admin(target_ckey)] has been on the watchlist since [timestamp] and has just connected - Reason: [text]</font>")
-				send2irc_adminless_only("Watchlist", "[key_name(target_ckey)] is on the watchlist and has just connected - Reason: [text]")
+				send2tgs_adminless_only("Watchlist", "[key_name(target_ckey)] is on the watchlist and has just connected - Reason: [text]")
 			if("memo")
 				output += "<span class='memo'>Memo by <span class='prefix'>[admin_key]</span> on [timestamp]"
 				if(editor_key)
@@ -576,7 +692,7 @@
 		var/timestamp = note.group[1]
 		notetext = note.group[2]
 		var/admin_ckey = note.group[3]
-		var/datum/DBQuery/query_convert_time = SSdbcore.NewQuery("SELECT ADDTIME(STR_TO_DATE('[timestamp]','%d-%b-%Y'), '0')")
+		var/datum/db_query/query_convert_time = SSdbcore.NewQuery("SELECT ADDTIME(STR_TO_DATE(:timestamp,'%d-%b-%Y'), '0')", list("timestamp" = timestamp))
 		if(!query_convert_time.Execute())
 			qdel(query_convert_time)
 			return
@@ -591,7 +707,7 @@
 /*alternatively this proc can be run once to pass through every note and attempt to convert it before deleting the file, if done then AUTOCONVERT_NOTES should be turned off
 this proc can take several minutes to execute fully if converting and cause DD to hang if converting a lot of notes; it's not advised to do so while a server is live
 /proc/mass_convert_notes()
-	to_chat(world, "Beginning mass note conversion")
+	to_chat(world, "Beginning mass note conversion", confidential = TRUE)
 	var/savefile/notesfile = new(NOTESFILE)
 	if(!notesfile)
 		log_game("Error: Cannot access [NOTESFILE]")
@@ -599,7 +715,7 @@ this proc can take several minutes to execute fully if converting and cause DD t
 	notesfile.cd = "/"
 	for(var/ckey in notesfile.dir)
 		convert_notes_sql(ckey)
-	to_chat(world, "Deleting NOTESFILE")
+	to_chat(world, "Deleting NOTESFILE", confidential = TRUE)
 	fdel(NOTESFILE)
-	to_chat(world, "Finished mass note conversion, remember to turn off AUTOCONVERT_NOTES")*/
+	to_chat(world, "Finished mass note conversion, remember to turn off AUTOCONVERT_NOTES", confidential = TRUE)*/
 #undef NOTESFILE
@@ -32,15 +32,11 @@
 					return
 				ban["message"] = "[reason]"

-			if(SSdbcore.Connect()) // todo: second wave
-				// var/datum/db_query/query_create_stickyban = SSdbcore.NewQuery({"
-				// 	INSERT INTO [format_table_name("stickyban")] (ckey, reason, banning_admin)
-				// 	VALUES (:ckey, :message, :banning_admin)
-				// "}, list("ckey" = ckey, "message" = ban["message"], "banning_admin" = usr.ckey))
-				var/datum/DBQuery/query_create_stickyban = SSdbcore.NewQuery({"
+			if(SSdbcore.Connect())
+				var/datum/db_query/query_create_stickyban = SSdbcore.NewQuery({"
 					INSERT INTO [format_table_name("stickyban")] (ckey, reason, banning_admin)
-					VALUES ([ckey], [ban["message"]], [usr.ckey])
-				"})
+					VALUES (:ckey, :message, :banning_admin)
+				"}, list("ckey" = ckey, "message" = ban["message"], "banning_admin" = usr.ckey))
 				if (query_create_stickyban.warn_execute())
 					ban["fromdb"] = TRUE
 				qdel(query_create_stickyban)
@@ -74,19 +70,14 @@
 			SSstickyban.cache -= ckey

 			if (SSdbcore.Connect())
-				// SSdbcore.QuerySelect(list(
-				// 	SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban")] WHERE ckey = :ckey", list("ckey" = ckey)),
-				// 	SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ckey")] WHERE stickyban = :ckey", list("ckey" = ckey)),
-				// 	SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_cid")] WHERE stickyban = :ckey", list("ckey" = ckey)),
-				// 	SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ip")] WHERE stickyban = :ckey", list("ckey" = ckey))
-				// ), warn = TRUE, qdel = TRUE)
 				SSdbcore.QuerySelect(list(
-					SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban")] WHERE ckey = [ckey]"),
-					SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ckey")] WHERE stickyban = [ckey]"),
-					SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_cid")] WHERE stickyban = [ckey]"),
-					SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ip")] WHERE stickyban = [ckey]")
+					SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban")] WHERE ckey = :ckey", list("ckey" = ckey)),
+					SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ckey")] WHERE stickyban = :ckey", list("ckey" = ckey)),
+					SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_cid")] WHERE stickyban = :ckey", list("ckey" = ckey)),
+					SSdbcore.NewQuery("DELETE FROM [format_table_name("stickyban_matched_ip")] WHERE stickyban = :ckey", list("ckey" = ckey))
 				), warn = TRUE, qdel = TRUE)

+
 			log_admin_private("[key_name(usr)] removed [ckey]'s stickyban")
 			message_admins("<span class='adminnotice'>[key_name_admin(usr)] removed [ckey]'s stickyban</span>")

@@ -128,12 +119,9 @@
 			SSstickyban.cache[ckey] = ban

 			if (SSdbcore.Connect())
-				// var/datum/db_query/query_remove_stickyban_alt = SSdbcore.NewQuery(
-				// 	"DELETE FROM [format_table_name("stickyban_matched_ckey")] WHERE stickyban = :ckey AND matched_ckey = :alt",
-				// 	list("ckey" = ckey, "alt" = alt)
-				// )
-				var/datum/DBQuery/query_remove_stickyban_alt = SSdbcore.NewQuery(
-					"DELETE FROM [format_table_name("stickyban_matched_ckey")] WHERE stickyban = [ckey] AND matched_ckey = [alt]"
+				var/datum/db_query/query_remove_stickyban_alt = SSdbcore.NewQuery(
+					"DELETE FROM [format_table_name("stickyban_matched_ckey")] WHERE stickyban = :ckey AND matched_ckey = :alt",
+					list("ckey" = ckey, "alt" = alt)
 				)
 				query_remove_stickyban_alt.warn_execute()
 				qdel(query_remove_stickyban_alt)
@@ -165,12 +153,9 @@
 			SSstickyban.cache[ckey] = ban

 			if (SSdbcore.Connect())
-				// var/datum/db_query/query_edit_stickyban = SSdbcore.NewQuery(
-				// 	"UPDATE [format_table_name("stickyban")] SET reason = :reason WHERE ckey = :ckey",
-				// 	list("reason" = reason, "ckey" = ckey)
-				// )
-				var/datum/DBQuery/query_edit_stickyban = SSdbcore.NewQuery(
-					"UPDATE [format_table_name("stickyban")] SET reason = [reason] WHERE ckey = [ckey]"
+				var/datum/db_query/query_edit_stickyban = SSdbcore.NewQuery(
+					"UPDATE [format_table_name("stickyban")] SET reason = :reason WHERE ckey = :ckey",
+					list("reason" = reason, "ckey" = ckey)
 				)
 				query_edit_stickyban.warn_execute()
 				qdel(query_edit_stickyban)
@@ -218,12 +203,9 @@
 			SSstickyban.cache[ckey] = ban

 			if (SSdbcore.Connect())
-				// var/datum/db_query/query_exempt_stickyban_alt = SSdbcore.NewQuery(
-				// 	"UPDATE [format_table_name("stickyban_matched_ckey")] SET exempt = 1 WHERE stickyban = :ckey AND matched_ckey = :alt",
-				// 	list("ckey" = ckey, "alt" = alt)
-				// )
-				var/datum/DBQuery/query_exempt_stickyban_alt = SSdbcore.NewQuery(
-					"UPDATE [format_table_name("stickyban_matched_ckey")] SET exempt = 1 WHERE stickyban = [ckey] AND matched_ckey = [alt]"
+				var/datum/db_query/query_exempt_stickyban_alt = SSdbcore.NewQuery(
+					"UPDATE [format_table_name("stickyban_matched_ckey")] SET exempt = 1 WHERE stickyban = :ckey AND matched_ckey = :alt",
+					list("ckey" = ckey, "alt" = alt)
 				)
 				query_exempt_stickyban_alt.warn_execute()
 				qdel(query_exempt_stickyban_alt)
@@ -271,12 +253,9 @@
 			SSstickyban.cache[ckey] = ban

 			if (SSdbcore.Connect())
-				// var/datum/db_query/query_unexempt_stickyban_alt = SSdbcore.NewQuery(
-				// 	"UPDATE [format_table_name("stickyban_matched_ckey")] SET exempt = 0 WHERE stickyban = :ckey AND matched_ckey = :alt",
-				// 	list("ckey" = ckey, "alt" = alt)
-				// )
-				var/datum/DBQuery/query_unexempt_stickyban_alt = SSdbcore.NewQuery(
-					"UPDATE [format_table_name("stickyban_matched_ckey")] SET exempt = 0 WHERE stickyban = [ckey] AND matched_ckey = [alt]"
+				var/datum/db_query/query_unexempt_stickyban_alt = SSdbcore.NewQuery(
+					"UPDATE [format_table_name("stickyban_matched_ckey")] SET exempt = 0 WHERE stickyban = :ckey AND matched_ckey = :alt",
+					list("ckey" = ckey, "alt" = alt)
 				)
 				query_unexempt_stickyban_alt.warn_execute()
 				qdel(query_unexempt_stickyban_alt)
@@ -1269,8 +1269,10 @@
 	else if(href_list["messageedits"])
 		if(!check_rights(R_ADMIN))
 			return
-		var/message_id = sanitizeSQL("[href_list["messageedits"]]")
-		var/datum/DBQuery/query_get_message_edits = SSdbcore.NewQuery("SELECT edits FROM [format_table_name("messages")] WHERE id = '[message_id]'")
+		var/datum/db_query/query_get_message_edits = SSdbcore.NewQuery(
+			"SELECT edits FROM [format_table_name("messages")] WHERE id = :message_id",
+			list("message_id" = href_list["messageedits"])
+		)
 		if(!query_get_message_edits.warn_execute())
 			qdel(query_get_message_edits)
 			return
@@ -2967,16 +2969,19 @@
 			to_chat(usr, "<span class='danger'>The client chosen is an admin! Cannot mentorize.</span>")
 			return
 	if(SSdbcore.Connect())
-		var/datum/DBQuery/query_get_mentor = SSdbcore.NewQuery("SELECT id FROM [format_table_name("mentor")] WHERE ckey = '[ckey]'")
+		var/datum/db_query/query_get_mentor = SSdbcore.NewQuery(
+			"SELECT id FROM [format_table_name("mentor")] WHERE ckey = :ckey",
+			list("ckey" = ckey)
+		)
 		if(!query_get_mentor.warn_execute())
 			return
 		if(query_get_mentor.NextRow())
 			to_chat(usr, "<span class='danger'>[ckey] is already a mentor.</span>")
 			return
-		var/datum/DBQuery/query_add_mentor = SSdbcore.NewQuery("INSERT INTO `[format_table_name("mentor")]` (`id`, `ckey`) VALUES (null, '[ckey]')")
+		var/datum/db_query/query_add_mentor = SSdbcore.NewQuery("INSERT INTO `[format_table_name("mentor")]` (`id`, `ckey`) VALUES (null, '[ckey]')")
 		if(!query_add_mentor.warn_execute())
 			return
-		var/datum/DBQuery/query_add_admin_log = SSdbcore.NewQuery("INSERT INTO `[format_table_name("admin_log")]` (`id` ,`datetime` ,`adminckey` ,`adminip` ,`log` ) VALUES (NULL , NOW( ) , '[usr.ckey]', '[usr.client.address]', 'Added new mentor [ckey]');")
+		var/datum/db_query/query_add_admin_log = SSdbcore.NewQuery("INSERT INTO `[format_table_name("admin_log")]` (`id` ,`datetime` ,`adminckey` ,`adminip` ,`log` ) VALUES (NULL , NOW( ) , '[usr.ckey]', '[usr.client.address]', 'Added new mentor [ckey]');")
 		if(!query_add_admin_log.warn_execute())
 			return
 	else
@@ -3000,10 +3005,10 @@
 		C.mentor_datum = null
 		GLOB.mentors -= C
 	if(SSdbcore.Connect())
-		var/datum/DBQuery/query_remove_mentor = SSdbcore.NewQuery("DELETE FROM [format_table_name("mentor")] WHERE ckey = '[ckey]'")
+		var/datum/db_query/query_remove_mentor = SSdbcore.NewQuery("DELETE FROM [format_table_name("mentor")] WHERE ckey = '[ckey]'")
 		if(!query_remove_mentor.warn_execute())
 			return
-		var/datum/DBQuery/query_add_admin_log = SSdbcore.NewQuery("INSERT INTO `[format_table_name("admin_log")]` (`id` ,`datetime` ,`adminckey` ,`adminip` ,`log` ) VALUES (NULL , NOW( ) , '[usr.ckey]', '[usr.client.address]', 'Removed mentor [ckey]');")
+		var/datum/db_query/query_add_admin_log = SSdbcore.NewQuery("INSERT INTO `[format_table_name("admin_log")]` (`id` ,`datetime` ,`adminckey` ,`adminip` ,`log` ) VALUES (NULL , NOW( ) , '[usr.ckey]', '[usr.client.address]', 'Removed mentor [ckey]');")
 		if(!query_add_admin_log.warn_execute())
 			return
 	else
@@ -205,7 +205,7 @@ GLOBAL_DATUM_INIT(ahelp_tickets, /datum/admin_help_tickets, new)
 		MessageNoRecipient(msg)

 		//send it to irc if nobody is on and tell us how many were on
-		var/admin_number_present = send2irc_adminless_only(initiator_ckey, "Ticket #[id]: [name]")
+		var/admin_number_present = send2tgs_adminless_only(initiator_ckey, "Ticket #[id]: [name]")
 		log_admin_private("Ticket #[id]: [key_name(initiator)]: [name] - heard by [admin_number_present] non-AFK admins who have +BAN.")
 		if(admin_number_present <= 0)
 			to_chat(C, "<span class='notice'>No active admins are online, your adminhelp was sent to the admin irc.</span>")
@@ -222,7 +222,7 @@ GLOBAL_DATUM_INIT(ahelp_tickets, /datum/admin_help_tickets, new)
 /datum/admin_help/proc/AddInteraction(formatted_message)
 	if(heard_by_no_admins && usr && usr.ckey != initiator_ckey)
 		heard_by_no_admins = FALSE
-		send2irc(initiator_ckey, "Ticket #[id]: Answered by [key_name(usr)]")
+		send2adminchat(initiator_ckey, "Ticket #[id]: Answered by [key_name(usr)]")
 	_interactions += "[TIME_STAMP("hh:mm:ss", FALSE)]: [formatted_message]"

 //Removes the ahelp verb and returns it after 2 minutes
@@ -573,7 +573,7 @@ GLOBAL_DATUM_INIT(ahelp_tickets, /datum/admin_help_tickets, new)
 	. = list("total" = list(), "noflags" = list(), "afk" = list(), "stealth" = list(), "present" = list())
 	for(var/client/X in GLOB.admins)
 		.["total"] += X
-		if(requiredflags != 0 && !check_rights_for(X, requiredflags))
+		if(requiredflags != NONE && !check_rights_for(X, requiredflags))
 			.["noflags"] += X
 		else if(X.is_afk())
 			.["afk"] += X
@@ -582,7 +582,7 @@ GLOBAL_DATUM_INIT(ahelp_tickets, /datum/admin_help_tickets, new)
 		else
 			.["present"] += X

-/proc/send2irc_adminless_only(source, msg, requiredflags = R_BAN)
+/proc/send2tgs_adminless_only(source, msg, requiredflags = R_BAN)
 	var/list/adm = get_admin_counts(requiredflags)
 	var/list/activemins = adm["present"]
 	. = activemins.len
@@ -596,15 +596,9 @@ GLOBAL_DATUM_INIT(ahelp_tickets, /datum/admin_help_tickets, new)
 			final = "[msg] - No admins online"
 		else
 			final = "[msg] - All admins stealthed\[[english_list(stealthmins)]\], AFK\[[english_list(afkmins)]\], or lacks +BAN\[[english_list(powerlessmins)]\]! Total: [allmins.len] "
-		send2irc(source,final)
+		send2adminchat(source,final)
 		send2otherserver(source,final)

-
-/proc/send2irc(msg,msg2)
-	msg = replacetext(replacetext(msg, "\proper", ""), "\improper", "")
-	msg2 = replacetext(replacetext(msg2, "\proper", ""), "\improper", "")
-	world.TgsTargetedChatBroadcast("[msg] | [msg2]", TRUE)
-
 /**
 * Sends a message to a set of cross-communications-enabled servers using world topic calls
 *
@@ -648,6 +642,10 @@ GLOBAL_DATUM_INIT(ahelp_tickets, /datum/admin_help_tickets, new)
 	if (!server_url)
 		CRASH("Invalid cross comms config: [server_name]")
 	world.Export("[server_url]?[list2params(message)]")
+<<<<<<< HEAD
+=======
+
+>>>>>>> origin/master

 /proc/ircadminwho()
 	var/list/message = list("Admins: ")
@@ -165,7 +165,7 @@
 		to_chat(src, "<span class='notice'>PM to-<b>Admins</b>: <span class='linkify'>[rawmsg]</span></span>", confidential = TRUE)
 		var/datum/admin_help/AH = admin_ticket_log(src, "<font color='red'>Reply PM from-<b>[key_name(src, TRUE, TRUE)]</b> to <i>External</i>: [keywordparsedmsg]</font>")
 		ircreplyamount--
-		send2irc("[AH ? "#[AH.id] " : ""]Reply: [ckey]", rawmsg)
+		send2adminchat("[AH ? "#[AH.id] " : ""]Reply: [ckey]", rawmsg)

 	else
 		var/badmin = FALSE //Lets figure out if an admin is getting bwoinked.
@@ -13,7 +13,7 @@
 	if (new_pb && !SSdbcore.Connect())
 		message_admins("The Database is not connected! Panic bunker will not work until the connection is reestablished.")
 	SSblackbox.record_feedback("nested tally", "admin_toggle", 1, list("Toggle Panic Bunker", "[new_pb ? "Enabled" : "Disabled"]")) //If you are copy-pasting this, ensure the 2nd parameter is unique to the new proc!
-	send2irc("Panic Bunker", "[key_name(usr)] has toggled the Panic Bunker, it is now [new_pb ? "enabled" : "disabled"].")
+	send2adminchat("Panic Bunker", "[key_name(usr)] has toggled the Panic Bunker, it is now [new_pb ? "enabled" : "disabled"].")

 /client/proc/addbunkerbypass(ckeytobypass as text)
 	set category = "Special Verbs"
@@ -28,7 +28,7 @@
 	SSpersistence.SavePanicBunker() //we can do this every time, it's okay
 	log_admin("[key_name(usr)] has added [ckeytobypass] to the current round's bunker bypass list.")
 	message_admins("[key_name_admin(usr)] has added [ckeytobypass] to the current round's bunker bypass list.")
-	send2irc("Panic Bunker", "[key_name(usr)] has added [ckeytobypass] to the current round's bunker bypass list.")
+	send2adminchat("Panic Bunker", "[key_name(usr)] has added [ckeytobypass] to the current round's bunker bypass list.")

 /client/proc/revokebunkerbypass(ckeytobypass as text)
 	set category = "Special Verbs"
@@ -42,4 +42,4 @@
 	SSpersistence.SavePanicBunker()
 	log_admin("[key_name(usr)] has removed [ckeytobypass] from the current round's bunker bypass list.")
 	message_admins("[key_name_admin(usr)] has removed [ckeytobypass] from the current round's bunker bypass list.")
-	send2irc("Panic Bunker", "[key_name(usr)] has removed [ckeytobypass] from the current round's bunker bypass list.")
+	send2adminchat("Panic Bunker", "[key_name(usr)] has removed [ckeytobypass] from the current round's bunker bypass list.")