[Dello]

Hello there! I am using a system to save a Toys and i have this problem..


Log

Код:

MYSQL - 	ERRORID: 1064
Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE `Nombre` = Steven_Dominguez' at line 1
Query: WHERE `Nombre` = Steven_Dominguez
Callback: OnQueryFinish

Script code:

Код:

stock ActualizarAccesorios(playerid, slot=-1)
{
	if(slot == -1)
	{
		Loop(i, MAX_ACCESORIOS, 0)
		{
			ActualizarAccesorios(playerid, i);
		}
	}
	else if(slot > -1 && slot < MAX_ACCESORIOS)
	{
		new
			querystr [300] = "UPDATE `usuarios` SET ",
			str [500];

		A_Format (str, "`AttachModel_%d` = %d,", slot, InfoJugador[playerid][jAttachModel][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachBone_%d` = %d,", slot, InfoJugador[playerid][jAttachModel][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachPosx_%d` = %f,", slot, InfoJugador[playerid][jAttachPosx][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachPosy_%d` = %f,", slot, InfoJugador[playerid][jAttachPosy][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachPosz_%d` = %f,", slot, InfoJugador[playerid][jAttachPosz][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachAngx_%d` = %f,", slot, InfoJugador[playerid][jAttachAngx][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachAngy_%d` = %f,", slot, InfoJugador[playerid][jAttachAngy][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachAngz_%d` = %f,", slot, InfoJugador[playerid][jAttachAngz][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachEscx_%d` = %f,", slot, InfoJugador[playerid][jAttachEscx][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachEscy_%d` = %f,", slot, InfoJugador[playerid][jAttachEscy][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachEscz_%d` = %f,", slot, InfoJugador[playerid][jAttachEscz][slot]);
		strcat (querystr, str);

		A_Format (str, "`AttachOcultado_%d` = %d ", slot, InfoJugador[playerid][jAttachOcultado][slot]);

		A_Format (str, "WHERE `Nombre` = %s", pName (playerid));
		strcat (querystr, str);
		opmysql_tquery(str, "OnQueryFinish", "ii", playerid, query_type_unknown);
	}
	return 1;
}

I need a answer, i didn't find the correct form

[Meller]

First off, ALWAYS escape your strings in MySQL using %e. Second, a string must be formatted in two quotes.

Quote:

Originally Posted by Vince Oh for the love of ... Just use %e in mysql_format for whatever text you insert wherever. If it doesn't help it doesn't hurt either.

[Dello]

For example? Where i put "%e" ?

[Luke_James]

You need to escape strings (anything which isn't an integer (which is a number, such as 1, or 394832 for which you use %d) or a floating point variable (such as 180.0000 for which you use %f)). So, in your code, only the Name (Nombre) is a string, because a name is a string of text like Dello, or Luke_James.

[Dello]

So... i need to change in my code the strings in "%d" for "%s" ?
Sorry for my bad inteligence....


їCan you give me a example with code? Thx bro!

[Luke_James]

Change %s to %e, because %s represents a string (the name) which you need to escape. %e escapes data directly. Do not change %d or %f; they are integer specifiers, not strings. Here's a simple guide...

%s = string (a string of text, for example Dello, San Andreas Multiplayer, pizza123)
%d = integer (a whole number, for example 1, 53, 1000, 192384)
%f = floating point value (a decimal number, in simplest terms*, for example 90.0000, 5.3923)

* a number's binary point which can be placed relative to the significant figures of the number.

[Jefff]

pawn Код:

A_Format (str, "WHERE `Nombre` = '%s'", pName (playerid));

[Dello]

Oh Thank you for the mini-tutorial! haha
Now i have this error:

Код:

MYSQL - 	ERRORID: 1064
Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE `Nombre` = e' at line 1
Query: WHERE `Nombre` = e
Callback: OnQueryFinish

And, i change the last of the code:

Код:

A_Format (str, "WHERE `Nombre` = %e", pName (playerid));
		strcat (querystr, str);
		opmysql_tquery(str, "OnQueryFinish", "ii", playerid, query_type_unknown);

[Dello]

Quote:

Originally Posted by Jefff pawn Код: A_Format (str, "WHERE `Nombre` = '%s'", pName (playerid));

I change too this, and new error:

Код:

[04/09/2017 22:02:56] 
MYSQL - 	ERRORID: 1064
Error: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE `Nombre` = 'Steven_Dominguez'' at line 1
Query: WHERE `Nombre` = 'Steven_Dominguez'
Callback: OnQueryFinish

[Luke_James]

Remember to include quotes (apostrophes ' ') in strings

PHP код:

A_Format (str, "WHERE `Nombre` = '%e'", pName (playerid));