OnDialogResponse problem
#1

This is the command:
HTML Code:
CMD:report(playerid, params[]) {
	if(PlayerInfo[playerid][pHelper] > 0 || PlayerInfo[playerid][pAdmin] > 0) return SCM(playerid, -1, "You're part of staff you can't use this command.");
	if(HaveReport[playerid] == 1) return SCM(playerid, -1, "You already have an report sent to admins, wait for an answer.");
	ShowPlayerDialog(playerid, DIALOG_REPORT, DIALOG_STYLE_LIST, "Report System", "Report DM\nReport a cheater\nQuestion about donations\nI'm blocked / I don't see anything\nI want to make a deal, i need a staf member\nAnother Problem", "Select", "Cancel");
	return 1;
}
This is the dialog:
HTML Code:
case DIALOG_REPORT: {
			if(!response) return 1;
			switch(listitem) {
				//Report DM(1)\nReport a cheater(2)\nQuestion about donations(3)\nI'm blocked / I don't see anything(4)\nI want to make a deal, i need a staf member(5)\nAnother Problem(6)
				case 0: ShowPlayerDialog(playerid, DIALOG_REPORT+1, DIALOG_STYLE_INPUT, "Report DM", "Type the playerid of the\nplayer that makes the DM.", "Ok", "Cancel");
				case 1: ShowPlayerDialog(playerid, DIALOG_REPORT+2, DIALOG_STYLE_INPUT, "Report a cheater", "Type the playerid of the\nplayer who uses cheats.", "Ok", "Cancel");
				case 2: ShowPlayerDialog(playerid, DIALOG_INFO, DIALOG_STYLE_MSGBOX, "About Donations", "In work!", "Ok", "");
				case 3: {
					new string[84];
					format(string, sizeof(string), "{FF0000}Report: %s (id: %d) is blocked / he don't see anything.", GetName(playerid), playerid);
					StaffBroadCast(-1, string);
					HaveReport[playerid] = 1;
					ReportType[playerid] = 4;
					if(!Iter_Contains(Reports, playerid)) Iter_Add(Reports, playerid);
				}
				case 4: {
					new string[93];
					format(string, sizeof(string), "{FF0000}Report: %s (id: %d) wants to make a deal, he need a staf member.", GetName(playerid), playerid);
					StaffBroadCast(-1, string);
					HaveReport[playerid] = 1;
					ReportType[playerid] = 5;
					if(!Iter_Contains(Reports, playerid)) Iter_Add(Reports, playerid);
				}
				case 5: ShowPlayerDialog(playerid, DIALOG_REPORT+3, DIALOG_STYLE_INPUT, "Another Problem", "Type the problem and describe it.", "Ok", "Cancel");
			}
		}
And this is anti server(sql injection) crash:
HTML Code:
	if(strlen(inputtext) >= 1) {
		if(strfind(inputtext, "%", true) != -1 || strfind(inputtext, "`", true) != -1 || strfind(inputtext, "'", true) != -1) return SCM(playerid, COLOR_DARKRED, "Anti SQL Injection!");
    }
Okay, when i click on case 3(that with blocked / he don't see anything) i get "Anti SQL Injection", what's wrong with my script? If i click on case 4(that with player wants to make a deal) it's okay, he works.
Reply
#2

Quote:
Originally Posted by Y_Less
View Post
You check for ', which your messages contain:

I'm blocked / I don't see anything

There’s no need to do SQL injection checks manually anyway, use an escaping SQL function.
Thank you so much man, respect +!
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)