SaveSQLStr(HouseData[houseid][HouseID], "houses", "OwnerName", HouseData[houseid][HouseOwnerName]);
Server:SaveSQLStr(sqlid, table[], row[], value) { new query[500]; mysql_format(sqlBaglanti, query, sizeof query, "UPDATE %e SET %e = '%s' WHERE id = '%i'", table, row, value, sqlid); mysql_pquery(sqlBaglanti, query); return true; }
How is this not giving you any errors or warnings while compiling? And if it does, why are you ignoring them? The "value" parameter should be declared as an array but it is not.
Also I hope you don't have 20 of those "SaveSQL_" statements beneath each other because that would be very inefficient. |
Another thing, you ironically escape everything but the value you're setting, which is likely to at times be user input (password, etc). Change %s to %e, seriously.
|
SaveSQLStr(HouseData[houseid][HouseID], "houses", "OwnerName", HouseData[houseid][HouseOwnerName]); Server:SaveSQLStr(sqlid, table[], row[], value) { new query[500]; mysql_format(sqlBaglanti, query, sizeof query, "UPDATE %e SET %e = '%s' WHERE id = '%i'", table, row, value, sqlid); mysql_pquery(sqlBaglanti, query); return true; } 'value' is not a type string And replace with: SaveSQLStr(HouseData[houseid][HouseID], "houses", "OwnerName", houseid); Server:SaveSQLStr(sqlid, table[], row[], value) { new query[500]; mysql_format(sqlBaglanti, query, sizeof query, "UPDATE `%s` SET `%s` = '%s' WHERE `id` = '%d'", table, row, value, sqlid); mysql_tquery(sqlBaglanti, query, "", ""); return true; }