SA-MP Forums Archive
mysql_fetch_row_format() | Issue - Printable Version



mysql_fetch_row_format() | Issue - vIBIENNYx - 08.01.2013

When the login system initiates, the player's "Salt" is pulled from the database and then checked with the input text to see if the password matches, however the following variables print "(Null)" into the logs rather than the correct input:

PVar[playerid][psalt]
salt
string

This used to work before switching to linux plugins from windows.

pawn Code:
new Query[256];
new saltquery[156], salt[38], string[128];
string = "";
salt = "";
format(saltquery, sizeof(saltquery), "SELECT `psalt` FROM `playerinfo` WHERE `username` = '%s'", pName(playerid));
mysql_query(saltquery);
mysql_store_result();
mysql_fetch_row_format(PVar[playerid][psalt]);

format(salt, sizeof(salt), PVar[playerid][psalt]);
print(saltquery);
print(PVar[playerid][psalt]);
print(salt);
format(string, sizeof(string), "%s%s", salt, inputtext);

format(Query, sizeof(Query), "SELECT * FROM `playerinfo` WHERE `username` = '%s' AND `ppassword` = md5('%s')", pName(playerid), string);
print(Query);
mysql_query(Query);
mysql_store_result();

string = "";
salt = "";



Re: mysql_fetch_row_format() | Issue - vIBIENNYx - 08.01.2013

Okay, I've figured that the issue is that it is not receiving ANY data from the database but it is connecting to it.


Re: mysql_fetch_row_format() | Issue - Vince - 08.01.2013

What's the point in doing two queries?

PHP Code:
SELECT * FROM `playerinfo` WHERE `username` = '%s' AND `ppassword` = md5(concat(`psalt`, '%s'))

Other points of notice: strings are always created empty. You don't have to explicitly empty them. Secondly, ALWAYS escape (mysql_real_escape_string) user input before using it in a query. A user may use the single quote character (') in his password, which will immediately break your query. Moreover, by not escaping you are vulnerable to SQL injection.
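
The single-query check with escaped input described in the reply above, written out as an added example (not code from any poster in this thread). It assumes the pre-R7 BlueG MySQL plugin natives `mysql_real_escape_string(source, destination)`, `mysql_num_rows()` and `mysql_free_result()`; `CheckLogin` and `MAX_PASS_LEN` are hypothetical names, and the salt is concatenated first to match the `"%s%s", salt, inputtext` order in the first post.

```pawn
// Added example. Assumed: pre-R7 BlueG MySQL plugin natives.
// pName() is the first poster's own helper; CheckLogin and
// MAX_PASS_LEN are hypothetical names introduced here.
#define MAX_PASS_LEN 64

stock bool:CheckLogin(playerid, const inputtext[])
{
    // Escaping can double every character, so size buffers as 2n + 1.
    new escName[2 * MAX_PLAYER_NAME + 1];
    new escPass[2 * MAX_PASS_LEN + 1];
    new query[512];

    // Reject empty or over-long input instead of truncating it,
    // so the hashed value is always the full text the player typed.
    new len = strlen(inputtext);
    if (len == 0 || len > MAX_PASS_LEN) return false;

    // Escape every value that ends up between quotes in the query,
    // including the player name, which is also client-controlled.
    mysql_real_escape_string(pName(playerid), escName);
    mysql_real_escape_string(inputtext, escPass);

    // Values are passed to format() as arguments, never as the
    // format string. The salt column is read inside SQL, so no
    // separate SELECT for `psalt` is needed.
    format(query, sizeof(query),
        "SELECT 1 FROM `playerinfo` WHERE `username` = '%s' AND `ppassword` = md5(concat(`psalt`, '%s')) LIMIT 1",
        escName, escPass);

    mysql_query(query);
    mysql_store_result();

    // One row back means username and salted hash both matched.
    new bool:ok = (mysql_num_rows() == 1);
    mysql_free_result();
    return ok;
}
```

Avoid printing the finished query to the server log as the first post does, since it contains the player's plaintext password.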


Re: mysql_fetch_row_format() | Issue - vIBIENNYx - 08.01.2013

Thanks Vince, fixing these now.