mysql_fetch_row_format() | Issue - Printable Version
+- SA-MP Forums Archive (
https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (
https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (
https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: mysql_fetch_row_format() | Issue (
/showthread.php?tid=405929)
mysql_fetch_row_format() | Issue -
vIBIENNYx - 08.01.2013
When the login system initates, the player's "Salt" is pulled from the database and then checked with the input text to see if the password matches, however the following variables print "(Null)" into the logs rather than the correct input:
PVar[playerid][psalt]
salt
string
This used to work before switching to linux plugins from windows.
pawn Код:
new Query[256];
new saltquery[156], salt[38], string[128];
string = "";
salt = "";
format(saltquery, sizeof(saltquery), "SELECT `psalt` FROM `playerinfo` WHERE `username` = '%s'", pName(playerid));
mysql_query(saltquery);
mysql_store_result();
mysql_fetch_row_format(PVar[playerid][psalt]);
format(salt, sizeof(salt), PVar[playerid][psalt]);
print(saltquery);
print(PVar[playerid][psalt]);
print(salt);
format(string, sizeof(string), "%s%s", salt, inputtext);
format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `username` = '%s' AND `ppassword` = md5('%s')", pName(playerid), string);
print(Query);
mysql_query(Query);
mysql_store_result();
string = "";
salt = "";
Re: mysql_fetch_row_format() | Issue -
vIBIENNYx - 08.01.2013
Okay, I've figured that the issue is that it is not receive ANY data from the database but it is connecting to it.
Re: mysql_fetch_row_format() | Issue -
Vince - 08.01.2013
What's the point in doing two queries?
PHP код:
SELECT * FROM `playerinfo` WHERE `username` = '%s' AND `ppassword` = md5(concat('%s', `psalt`))
Other points of notice: strings are always created empty. You don't have to explicitly empty them. Secondly, ALWAYS escape (mysql_real_escape_string) user input before using it in a query. A user may use the single quote character (') in his password, which will immediately break your query. Moreover, by not escaping you are vulnerable to sql injection.
Re: mysql_fetch_row_format() | Issue -
vIBIENNYx - 08.01.2013
Thanks Vince, fixing these now.