#1

Why is this not working
pawn Код:
new pass[24];
            mysql_escape_string(inputtext, pass);
            format(query, sizeof(query),"INSERT INTO `players` (`Name`, `Password`) VALUES ('%s', '%s')", GetName(playerid), pass, 1);
            mysql_tquery(sql, query);
It is not showing errors on compile and it is telling me that I have syntax error in log
pawn Код:
[20:29:22] [DEBUG] pushed value 'INSERT INTO `players` (`Name`, `Password`) VALUES' onto AMX stack
[20:29:22] [DEBUG] processing internal specifier 's'
[20:29:22] [DEBUG] pushed value '' onto AMX stack
[20:29:22] [DEBUG] processing internal specifier 's'
[20:29:22] [DEBUG] pushed value 'You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1' onto AMX stack
[20:29:22] [DEBUG] processing internal specifier 'c'
Any tips?
Reply
#2

Be aware that inserting string directly will make you vulnerable to SQL Injection. Instead of %s use %e (escape char).

You have 3 format arguments but only 2 have been specified .You're inserting all arguments as a string although you have an integer.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)