[Metharon]

[23:04:35] [ERROR] CMySQLQuery::Execute[OnAccountRegister] - (error #1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''6789\', 0)' at line 1


How can i fix this .. ? i think is because of the ' / '

[xVIP3Rx]

Probably yeah, show me the query..

[Metharon]

pawn Код:

mysql_format(mysql, query, sizeof(query), "INSERT INTO `players` ( `Name`, `Password`, `Tutorial`) VALUES ('%s', '%s', 0)", GetName(playerid), inputtext);
                mysql_tquery(mysql, query, "OnAccountRegister", "i", playerid);

[Vince]

Never, ever put raw user input into a query.



Besides, you should or rather MUST hash passwords, anyway.

[xVIP3Rx]

Quote:

Originally Posted by Vince

Lol

A question though, What if the user forgot his password and wants it back ? are there any functions to restore the password from the hashed string ( SHA1 Specially )?

[Vince]

No. That's the point. That's also the reason websites send you a new random password in case you forget it. If a website sends your password back to you in plain text then you really ought to stop using that website. Would you feel comfortable knowing that anyone that accesses the database (including staff and hackers) could read every user's password, in plain text, just like that? I sure as hell wouldn't.