SA-MP Forums Archive
Request for explanations - Mysql stuff - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Request for explanations - Mysql stuff (/showthread.php?tid=314675)


Request for explanations - Mysql stuff - Abreezy - 30.01.2012

Hey guys, instead of just copying codes, i'm trying to learn the meanings of everything, I read the meaning off wiki but just want to another 'answer' for lack of better words from you guys.

First one is:

pawn Код:
mysql_num_rows()
I know this is suppose to tell you how many rows you got or something like that, so how does it work to detect if your registered or not? Is that the only thing it does? - Sorry if i might sound 'nooby' with these questions.

Second question:

How do you compare something using mysql functions? Let's say i want to compare inputtext and pPassword which is on the database, how would you do so? something like

pawn Код:
if(inputtext == pPassword)
Not sure if that would work though, which is why I ask. Thanks in advance guys and gals.

Re: Request for explanations - Mysql stuff - jamesbond007 - 30.01.2012

dude i showed u already something like :

select * from username = pname and password = inputtext

then if(mysql_num_rows()>1) // password correct
else // wrong

Re: Request for explanations - Mysql stuff - [HiC]TheKiller - 30.01.2012

Quote:
Originally Posted by jamesbond007
Посмотреть сообщение
dude i showed u already something like :

select * from username = pname and password = inputtext

then if(mysql_num_rows()>1) // password correct
else // wrong
You're missing ' and ' around inputtext and that would be highly prone to SQL injections. You would check if a password is correct like this:

pawn Код:
new query[200], pname[24], escapepass[100];
GetPlayerName(playerid, pname, 24);
mysql_real_escape_string(inputtext, escapepass);
format(query, sizeof(query), "SELECT * FROM usertable WHERE name = '%s' AND pPassword = 'escapepass' LIMIT 1");
mysql_query(query);
mysql_store_result();
if(mysql_num_rows() != 0)
{
    // password was correct
}
else
{
    //password wasn't correct
}
For more information, visit the tutorial in my sig .

Re: Request for explanations - Mysql stuff - Abreezy - 30.01.2012

Quote:
Originally Posted by [HiC]TheKiller
Посмотреть сообщение
You're missing ' and ' around inputtext and that would be highly prone to SQL injections. You would check if a password is correct like this:

pawn Код:
new query[200], pname[24], escapepass[100];
GetPlayerName(playerid, pname, 24);
mysql_real_escape_string(inputtext, escapepass);
format(query, sizeof(query), "SELECT * FROM usertable WHERE name = '%s' AND pPassword = 'escapepass' LIMIT 1");
mysql_query(query);
mysql_store_result();
if(mysql_num_rows() != 0)
{
    // password was correct
}
else
{
    //password wasn't correct
}
For more information, visit the tutorial in my sig .
Thank you, and I have read your tutorial several times, I know how to do most stuff, I just want to understand what I'm doing, if that makes sense.

Re: Request for explanations - Mysql stuff - Scenario - 30.01.2012

... or your could load the password, store it into a variable and use strcmp to check if the two strings match.

Re: Request for explanations - Mysql stuff - jamesbond007 - 30.01.2012

Quote:
Originally Posted by [HiC]TheKiller
Посмотреть сообщение
You're missing ' and ' around inputtext and that would be highly prone to SQL injections. You would check if a password is correct like this:
it was pseudo code, i just wrote it as an example. chillax