SA-MP Forums Archive
Small SQL problem - Printable Version




Small SQL problem - TwinkiDaBoss - 07.01.2016

Alright so there are no errors or nothing, but it won't insert the `AgeStarted`.

PHP code:
mysql_format(mysql, query, sizeof(query), "INSERT INTO `players` (`Username`, `Password`, `IP`, `Admin`, `VIPLevel`,`CharactersCreated`,`AgeStarted`) VALUES ('%e', '%s', '%s',0,0,0,'%i')", Name[playerid], AccInfo[playerid][Password], IP[playerid], gettime());

mysql_tquery(mysql, query, "OnAccountRegister", "i", playerid);



Re: Small SQL problem - HarrisonC - 07.01.2016

Code:
mysql_format(mysql, query, sizeof(query), "INSERT INTO `players` (`Username`, `Password`, `IP`, `Admin`, `VIPLevel`,`CharactersCreated`,`AgeStarted`) VALUES ('%s', '%s', '%s',0,0,0,%d)", Name[playerid], AccInfo[playerid][Password], IP[playerid],gettime());             
mysql_tquery(mysql, query, "OnAccountRegister", "i", playerid);
Try that instead.
Please rep me if it helps


Re: Small SQL problem - AmigaBlizzard - 07.01.2016

Don't use "%s" for a player's name, always use %e to prevent mysql injections.
If a player would enter a name like
PHP code:
";DROP TABLE players;" 
, your database is gone without warning if you use %s for user-inputted text.

As for the problem, %i or %d would be fine as Harrison said, without the ' around it.
You only need to use a value between ' when it's a string.
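
What the two specifiers do to the query text, as an added example that is not part of the original thread or the plugin's own code. `model_format` and `string_literals` are hypothetical Python helpers that model the behaviour, the escape table is the one MySQL's `mysql_real_escape_string()` uses (assumed here to match `%e`), and the name and timestamp are constructed sample values.

```python
import re

# Escape table of MySQL's mysql_real_escape_string(); this model assumes the
# plugin's %e specifier applies the same rules.
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
           "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
UNESCAPES = {v[1]: k for k, v in ESCAPES.items()}

def model_format(fmt, *args):
    """Hypothetical, simplified stand-in for mysql_format (%e %s %d %i only)."""
    values = iter(args)

    def substitute(match):
        spec, arg = match.group(1), next(values)
        if spec == "e":                      # escaped string
            return "".join(ESCAPES.get(ch, ch) for ch in str(arg))
        if spec == "s":                      # raw string, no escaping
            return str(arg)
        return str(int(arg))                 # %d / %i accept integers only

    return re.sub(r"%([esdi])", substitute, fmt)

def string_literals(sql):
    """Decode every '...' literal in sql; ValueError if one is left open."""
    found, current, i = [], None, 0
    while i < len(sql):
        ch = sql[i]
        if current is None:
            if ch == "'":                    # opening quote
                current = []
        elif ch == "\\" and i + 1 < len(sql):
            i += 1                           # backslash escape: decode next char
            current.append(UNESCAPES.get(sql[i], sql[i]))
        elif ch == "'":                      # closing quote
            found.append("".join(current))
            current = None
        else:
            current.append(ch)
        i += 1
    if current is not None:
        raise ValueError("unterminated string literal: " + sql)
    return found

TEMPLATE = "INSERT INTO `players` (`Username`, `AgeStarted`) VALUES ('%{}', %d)"
NAME = "O'Brien"                             # constructed sample input
RAW = model_format(TEMPLATE.format("s"), NAME, 1452124800)      # via %s
ESCAPED = model_format(TEMPLATE.format("e"), NAME, 1452124800)  # via %e
```

With `%s` the quote in the name ends the literal early and the statement no longer parses as intended; with `%e` the name comes back out of the literal unchanged.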


Re: Small SQL problem - HarrisonC - 07.01.2016

Quote:
Originally Posted by AmigaBlizzard
Don't use "%s" for a player's name, always use %e to prevent mysql injections.
If a player would enter a name like
PHP code:
";DROP TABLE players;" 
, your database is gone without warning if you use %s for user-inputted text.

As for the problem, %i or %d would be fine as Harrison said, without the ' around it.
You only need to use a value between ' when it's a string.
Assumed he would've escaped the string beforehand.
I like to do that just to be sure


Re: Small SQL problem - TwinkiDaBoss - 08.01.2016

Yeah.. figured this one on my own before I responded haha, but still thanks + rep