#1

Hey guys, I've been stuck on this for a bit now:

pawn Code:
if (dialogid == 2)
    {
    new string[256], password[32];
    GetPlayerName(playerid, UserStats[playerid][Name], MAX_PLAYER_NAME);
    format(string,sizeof(string),"INSERT INTO `Users` (`Name`, `Password`) VALUES ('%s', '%s')",UserStats[playerid][Name], password);
    mysql_query(string);
    }
That's my register dialog, but when I click register, it doesn't log the account password into the MySQL database.

How do I make it save the password to the database?
Reply
#2

You really don't want to be sending passwords (or names) that you either haven't encrypted or escaped to your MySQL database.

Do you think you've missed any code in between declaration of the password variable and querying it? Because otherwise you're sending the string password that contains no data.
Reply
#3

Oh yeah, I'm going to be using escpassword, I completely forgot lol. I know I gotta do like input text = pass or something like that.
Reply
#4

edit:
pawn Code:
if (dialogid == 1)
    {
    new string[256], escpass[100];
    mysql_real_escape_string(inputtext, escpass);
    GetPlayerName(playerid, UserStats[playerid][Name], MAX_PLAYER_NAME);
    format(string,sizeof(string),"INSERT INTO `Users` (`Name`, `Password`) VALUES ('%s', '%s')",UserStats[playerid][Name], escpass);
    mysql_query(string);
    }
Would work, right? And anti-injectable?
Reply
#5

Quote:
Originally Posted by Anthonyx3'
edit:
pawn Code:
if (dialogid == 1)
    {
    new string[256], escpass[100];
    mysql_real_escape_string(inputtext, escpass);
    GetPlayerName(playerid, UserStats[playerid][Name], MAX_PLAYER_NAME);
    format(string,sizeof(string),"INSERT INTO `Users` (`Name`, `Password`) VALUES ('%s', '%s')",UserStats[playerid][Name], escpass);
    mysql_query(string);
    }
Would work, right? And anti-injectable?
If that's the correct order for function parameters in the MySQL plugin you use, yes.
Reply
#6

Nice, it worked, thanks bro, and thanks again for warning about injection, I would have forgotten completely.
Reply
#7

Sorry for double post again, but how do I get the escpass now for the login dialog?
Reply
#8

Do the same thing you did with inputtext (escape it) and perform a select query.
Reply
#9

Alright, thanks, I'll try and post if any problems.
Reply
#10

I don't know if it happens to anyone else, but I also get issues when there is a space after "... VALUES <HERE> (...)". You may want to remove the space, so it's like this:

pawn Code:
format(string,sizeof(string),"INSERT INTO `Users` (`Name`, `Password`) VALUES('%s', '%s')",UserStats[playerid][Name], escpass);
Reply
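
Added example, not code from any poster in this thread: the register and login flow discussed in posts #2 through #8, sketched in Python with an in-memory SQLite database standing in for the MySQL plugin. It goes beyond the thread by binding parameters instead of escaping and by storing a salted PBKDF2 hash instead of the raw password; the function names, the Salt column, the iteration count and the sample input are assumptions made for the example.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 100_000  # assumed work factor for this example

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Name TEXT PRIMARY KEY, Salt BLOB, Password BLOB)")
    return db

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register_formatted(db, name, inputtext):
    # Statement built the way the thread's format() call builds it, with no escaping.
    sql = "INSERT INTO `Users` (`Name`, `Password`) VALUES ('%s', '%s')" % (name, inputtext)
    try:
        db.execute(sql)
        return True
    except sqlite3.OperationalError:
        return False  # a quote in the input changed the statement's structure

def register(db, name, inputtext):
    if not inputtext:
        return False  # refuse the empty password that post #1 was inserting
    salt = os.urandom(16)
    try:
        with db:  # commit on success, roll back on error
            db.execute("INSERT INTO Users (Name, Salt, Password) VALUES (?, ?, ?)",
                       (name, salt, hash_password(inputtext, salt)))
        return True
    except sqlite3.IntegrityError:
        return False  # name already registered

def login(db, name, inputtext):
    # Select by bound name, then compare hashes in constant time.
    row = db.execute("SELECT Salt, Password FROM Users WHERE Name = ?", (name,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(inputtext, salt))

if __name__ == "__main__":
    db = open_db()
    pw = "it's a pass"  # constructed sample input containing a quote
    print(register_formatted(open_db(), "Anthony", pw))
    print(register(db, "Anthony", pw), login(db, "Anthony", pw), login(db, "Anthony", "nope"))
```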