SA-MP Forums Archive
What are the benefits of having a MySQL Database? - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP (https://sampforum.blast.hk/forumdisplay.php?fid=3)
+--- Forum: General (https://sampforum.blast.hk/forumdisplay.php?fid=13)
+--- Thread: What are the benefits of having a MySQL Database? (/showthread.php?tid=160549)


What are the benefits of having a MySQL Database? - Toni - 17.07.2010

I was just wondering, what are the benefits?
I might be trying to switch to a MySQL Database, but before I do, I just wanted to know what are the benefits, and problems that could happen?

Re: What are the benefits of having a MySQL Database? - [HiC]TheKiller - 17.07.2010

You can make it so there is a website with a admin panel, stats etc. It's better to hold large amounts of information. A problem is, you could be SQL injected and someone hacks into your DB or destroys it.

Re: What are the benefits of having a MySQL Database? - Chaprnks - 17.07.2010

Ability to easily connect and read information from an external source, and some functions that would be almost impossible with file base (ex: check all accounts column). A SQL injection is possible, but its pretty unheard of in the SA-MP community, I'd just be cautious when you use it on the website.

Re: What are the benefits of having a MySQL Database? - Scenario - 17.07.2010

Hm, I am implementing MySQL into my new GM, but I have stopped completely until I get my Raven's Role Play script to a point where it will work for now... Anyways, like stated above it is better at handling/holding large amounts of data, like player files. You can use an online Admin Panel, if you create one and I believe its a bit safer. Now, of course injections may cause a bit of a problem, but if you have a good enough password/firewall, you should be okay.

Re: What are the benefits of having a MySQL Database? - Sergei - 17.07.2010

Quote:
Originally Posted by [HiC]TheKiller
Посмотреть сообщение
You can make it so there is a website with a admin panel, stats etc. It's better to hold large amounts of information. A problem is, you could be SQL injected and someone hacks into your DB or destroys it.
With SA:MP the only way to be SQL injected is if you don't escape strings before inserting them into query. If you do that, you are good to go.

Re: What are the benefits of having a MySQL Database? - Toni - 17.07.2010

Quote:
Originally Posted by Sergei
Посмотреть сообщение
With SA:MP the only way to be SQL injected is if you don't escape strings before inserting them into query. If you do that, you are good to go.
escape strings before inserting them into query what?

Re: What are the benefits of having a MySQL Database? - Sergei - 17.07.2010

Example.

pawn Код:
public OnPlayerLogin(playerid, password[])
{
    format(query,sizeof(query),"SELECT * FROM `players` WHERE name=SOMENAME AND password='%s'",
        password);
    //...
}
Now if someone inputs
Quote:

haha' OR 'this' = 'this
query would look like
Код:
SELECT * FROM `players` WHERE name=SOMENAME AND password='haha' OR 'this' = 'this'
which would be always true, so player could login without knowing the password.

So escaping string would return the next result
Код:
haha\' OR \'this\' = \'this
and query wouldn't be true anymore, so you couldn't login with any password.

You can read many articles about SQL injections around the internet and how to prevent them.

Re : What are the benefits of having a MySQL Database? - ombre - 13.10.2011

sql injection is possible with that? Or I need also to use mysql_real_escape_string for level adminlevel and SQL?

Код:
GetPlayerName( playerid, name, sizeof( name ) );
mysql_real_escape_string( name, name );
format( query, sizeof( query ), "UPDATE `accounts` SET \`Name`='%s',`Level`='%d',`AdminLevel`='%d' WHERE`SQL`='%d'",name, PlayerInfo[playerid][pLevel],PlayerInfo[playerid][pAdmin],PlayerInfo[playerid][pSQL]);
mysql_query();


Re: Re : What are the benefits of having a MySQL Database? - [HiC]TheKiller - 13.10.2011

Quote:
Originally Posted by ombre
Посмотреть сообщение
sql injection is possible with that? Or I need also to use mysql_real_escape_string for level adminlevel and SQL?

Код:
GetPlayerName( playerid, name, sizeof( name ) );
mysql_real_escape_string( name, name );
format( query, sizeof( query ), "UPDATE `accounts` SET \`Name`='%s',`Level`='%d',`AdminLevel`='%d' WHERE`SQL`='%d'",name, PlayerInfo[playerid][pLevel],PlayerInfo[playerid][pAdmin],PlayerInfo[playerid][pSQL]);
mysql_query();
For any player input, you should escape the queries. I also would recommend posting a new topic in scripting discussion rather then bumping a year old one.

Re: What are the benefits of having a MySQL Database? - Jay_ - 15.10.2011

Benefits in oppose to what?