Request for explanations - Mysql stuff -
Abreezy - 30.01.2012
Hey guys, instead of just copying codes, i'm trying to learn the meanings of everything, I read the meaning off wiki but just want to another 'answer' for lack of better words from you guys.
First one is:
I know this is suppose to tell you how many rows you got or something like that, so how does it work to detect if your registered or not? Is that the only thing it does? - Sorry if i might sound 'nooby' with these questions.
Second question:
How do you compare something using mysql functions? Let's say i want to compare inputtext and pPassword which is on the database, how would you do so? something like
pawn Код:
if(inputtext == pPassword)
Not sure if that would work though, which is why I ask. Thanks in advance guys and gals.
Re: Request for explanations - Mysql stuff -
jamesbond007 - 30.01.2012
dude i showed u already something like :
select * from username = pname and password = inputtext
then if(mysql_num_rows()>1) // password correct
else // wrong
Re: Request for explanations - Mysql stuff -
[HiC]TheKiller - 30.01.2012
Quote:
Originally Posted by jamesbond007
dude i showed u already something like :
select * from username = pname and password = inputtext
then if(mysql_num_rows()>1) // password correct
else // wrong
|
You're missing ' and ' around inputtext and that would be highly prone to SQL injections. You would check if a password is correct like this:
pawn Код:
new query[200], pname[24], escapepass[100];
GetPlayerName(playerid, pname, 24);
mysql_real_escape_string(inputtext, escapepass);
format(query, sizeof(query), "SELECT * FROM usertable WHERE name = '%s' AND pPassword = 'escapepass' LIMIT 1");
mysql_query(query);
mysql_store_result();
if(mysql_num_rows() != 0)
{
// password was correct
}
else
{
//password wasn't correct
}
For more information, visit the tutorial in my sig

.
Re: Request for explanations - Mysql stuff -
Abreezy - 30.01.2012
Quote:
Originally Posted by [HiC]TheKiller
You're missing ' and ' around inputtext and that would be highly prone to SQL injections. You would check if a password is correct like this:
pawn Код:
new query[200], pname[24], escapepass[100]; GetPlayerName(playerid, pname, 24); mysql_real_escape_string(inputtext, escapepass); format(query, sizeof(query), "SELECT * FROM usertable WHERE name = '%s' AND pPassword = 'escapepass' LIMIT 1"); mysql_query(query); mysql_store_result(); if(mysql_num_rows() != 0) { // password was correct } else { //password wasn't correct }
For more information, visit the tutorial in my sig  .
|
Thank you, and I have read your tutorial several times, I know how to do most stuff, I just want to understand what I'm doing, if that makes sense.
Re: Request for explanations - Mysql stuff -
Scenario - 30.01.2012
... or your could load the password, store it into a variable and use strcmp to check if the two strings match.
Re: Request for explanations - Mysql stuff -
jamesbond007 - 30.01.2012
Quote:
Originally Posted by [HiC]TheKiller
You're missing ' and ' around inputtext and that would be highly prone to SQL injections. You would check if a password is correct like this:
|
it was pseudo code, i just wrote it as an example. chillax