SA-MP Forums Archive
Mysql - Printable Version


Mysql - Anthonyx3' - 07.01.2011

Hey guys, I've been stuck on this for a bit now:

pawn Code:
if (dialogid == 2)
    {
    new string[256], password[32];
    GetPlayerName(playerid, UserStats[playerid][Name], MAX_PLAYER_NAME);
    format(string,sizeof(string),"INSERT INTO `Users` (`Name`, `Password`) VALUES ('%s', '%s')",UserStats[playerid][Name], password);
    mysql_query(string);
    }
That's my register dialog, but when I click register, it doesn't log the account password into the MySQL database.

How do I make it save the password to the database?


Re: Mysql - Calgon - 07.01.2011

You really don't want to be sending passwords (or names) that you either haven't encrypted or escaped to your MySQL database.

Do you think you've missed any code in between declaration of the password variable and querying it? Because otherwise you're sending the string password that contains no data.


Re: Mysql - Anthonyx3' - 07.01.2011

Oh yeah, I'm going to be using escpassword, I completely forgot lol. I know I gotta do like input text = pass or something like that.


Re: Mysql - Anthonyx3' - 07.01.2011

Edit:
pawn Code:
if (dialogid == 1)
    {
    new string[256], escpass[100];
    mysql_real_escape_string(inputtext, escpass);
    GetPlayerName(playerid, UserStats[playerid][Name], MAX_PLAYER_NAME);
    format(string,sizeof(string),"INSERT INTO `Users` (`Name`, `Password`) VALUES ('%s', '%s')",UserStats[playerid][Name], escpass);
    mysql_query(string);
    }
Would work, right? And anti-injectable?


Re: Mysql - Calgon - 07.01.2011

Quote:
Originally Posted by Anthonyx3'
Edit:
pawn Code:
if (dialogid == 1)
    {
    new string[256], escpass[100];
    mysql_real_escape_string(inputtext, escpass);
    GetPlayerName(playerid, UserStats[playerid][Name], MAX_PLAYER_NAME);
    format(string,sizeof(string),"INSERT INTO `Users` (`Name`, `Password`) VALUES ('%s', '%s')",UserStats[playerid][Name], escpass);
    mysql_query(string);
    }
Would work, right? And anti-injectable?
If that's the correct order for function parameters in the MySQL plugin you use, yes.


Re: Mysql - Anthonyx3' - 07.01.2011

Nice, it worked, thanks bro, and thanks again for warning about injection, I would have forgotten completely.


Re: Mysql - Anthonyx3' - 07.01.2011

Sorry for the double post again, but how do I get the escpass now for the login dialog?


Re: Mysql - Calgon - 07.01.2011

Do the same thing you did with inputtext (escape it) and perform a select query.
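
Added example, not code from any poster in this thread: the register and login flow discussed above, in Python with the standard-library sqlite3 module standing in for the MySQL plugin (an assumption, as are all function names here). It swaps in bound parameters for manual escaping and stores a salted PBKDF2 hash instead of the password itself, which goes beyond the escaping fix the thread settles on.

```python
import hashlib
import hmac
import os
import sqlite3

def open_db():
    # In-memory stand-in for the thread's `Users` table (Salt column is an addition).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Name TEXT PRIMARY KEY, Salt BLOB, Password BLOB)")
    return db

def _derive(password, salt):
    # Slow salted hash, so the table never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register_formatted(db, name, password):
    # The thread's first approach: dialog text pasted straight into the SQL string.
    db.execute("INSERT INTO Users (Name, Password) VALUES ('%s', '%s')" % (name, password))

def formatted_insert_breaks(db, name, password):
    # True when the formatted statement no longer parses as the intended INSERT.
    try:
        register_formatted(db, name, password)
    except sqlite3.Error:
        return True
    return False

def register(db, name, password):
    # Bound parameters: the driver keeps the values out of the SQL text entirely.
    salt = os.urandom(16)
    db.execute("INSERT INTO Users (Name, Salt, Password) VALUES (?, ?, ?)",
               (name, salt, _derive(password, salt)))

def login(db, name, password):
    # Login is a SELECT by name followed by a constant-time hash comparison.
    row = db.execute("SELECT Salt, Password FROM Users WHERE Name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, _derive(password, salt))

if __name__ == "__main__":
    db = open_db()
    pw = "it's-a-secret"  # constructed sample: an ordinary password containing a quote
    print("formatted INSERT breaks:", formatted_insert_breaks(db, "Anthony", pw))
    register(db, "Anthony", pw)
    print("login ok:", login(db, "Anthony", pw), "| wrong password:", login(db, "Anthony", "x"))
```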


Re: Mysql - Anthonyx3' - 07.01.2011

Alright, thanks, I'll try and post if any problems.


Re: Mysql - Scenario - 07.01.2011

I don't know if it happens to anyone else, but I also get issues when there is a space after "... VALUES <HERE> (...)". You may want to remove the space, so it's like this:

pawn Code:
format(string,sizeof(string),"INSERT INTO `Users` (`Name`, `Password`) VALUES('%s', '%s')",UserStats[playerid][Name], escpass);