#1

why i get those error's ?

Код HTML:
[14:05:06] [ERROR] CMySQLQuery::Execute[()] - (error #1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's faction rank from 1 to 5.')' at line 1
[14:05:23] [ERROR] CMySQLQuery::Execute[()] - (error #1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's faction rank from 5 to 4.')' at line 1
[14:05:29] [ERROR] CMySQLQuery::Execute[()] - (error #1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's faction rank from 4 to 3.')' at line 1
[14:05:44] [ERROR] mysql_format - destination size is too small
[14:05:44] [ERROR] CMySQLQuery::Execute[()] - (error #1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
at this cmd ?

Код HTML:
CMD:changerank(playerid, params[])
{
	if(gPlayerLogged[playerid] == 0) return SendClientMessage(playerid, COLOR_LIGHTRED, "You need to login pin.");
	if(IsPlayerConnected(playerid))
	{
		if (PlayerInfo[playerid][pLeader] >= 1)
	 	{
			new para1,level,string[256],giveplayer[30],sendername[30],rtext[64];
			if(sscanf(params, "ui", para1,level)) return SendClientMessage(playerid, 0xFFFFFFFF,"{FFFFFF}Syntax: {FFFFFF}/changerank <Name/Playerid> <Rank(1-6)>");
			if(level > 6 || level < 1) return SendClientMessage(playerid, COLOR_WHITE, "{FFB870}Dont go below number 1 or above number 6.");
			if(PlayerInfo[para1][pMember] != PlayerInfo[playerid][pLeader]) return SendClientMessage(playerid, COLOR_WHITE, "{FFB870}This member is not in your faction.");
			if(PlayerInfo[para1][pLeader] > 0) return SCM(playerid,COLOR_WHITE,"{FFB870}This player is a leader.");
			if(para1 != INVALID_PLAYER_ID)
			{
				GetPlayerName(para1, giveplayer, sizeof(giveplayer));
				GetPlayerName(playerid, sendername, sizeof(sendername));
				if(level == 1) format(rtext, sizeof(rtext),"%s",DynamicFactions[PlayerInfo[playerid][pMember]][fRankName1]);
				else if(level == 2) format(rtext, sizeof(rtext),"%s",DynamicFactions[PlayerInfo[playerid][pMember]][fRankName2]);
				else if(level == 3) format(rtext, sizeof(rtext),"%s",DynamicFactions[PlayerInfo[playerid][pMember]][fRankName3]);
				else if(level == 4) format(rtext, sizeof(rtext),"%s",DynamicFactions[PlayerInfo[playerid][pMember]][fRankName4]);
				else if(level == 5) format(rtext, sizeof(rtext),"%s",DynamicFactions[PlayerInfo[playerid][pMember]][fRankName5]);
				else if(level == 6) format(rtext, sizeof(rtext),"%s",DynamicFactions[PlayerInfo[playerid][pMember]][fRankName6]);
				format(string,sizeof(string),"%s changed %s's faction rank from %d to %d.",sendername,giveplayer,PlayerInfo[para1][pRank],level);
				Factionlog(PlayerInfo[para1][pMember],PlayerInfo[para1][pSQLID],PlayerInfo[playerid][pSQLID],string);
				PlayerInfo[para1][pRank] = level;
				format(string, sizeof(string), "%s has promoted you to the rank of %s (%d).", sendername,rtext,level);
				SendClientMessage(para1, COLOR_LIGHTBLUE, string);
				format(string, sizeof(string), "You have promoted %s to the rank of %s (%d).", giveplayer,rtext,level);
				SendClientMessage(playerid, COLOR_WHITE, string);
        		new str[256];
				mysql_format(SQL,str,sizeof(str),"UPDATE users SET `Rank`='%d' WHERE `name`='%s'",PlayerInfo[para1][pRank],PlayerInfo[para1][pNormalName]);
				mysql_tquery(SQL,str,"","");
			}
	     	else return SendClientMessage(playerid, COLOR_WHITE, "{FFFFCC}Error: Player not connected.");
		}
		else return SendClientMessage(playerid, COLOR_WHITE, "{FFB870}Only leaders can use this command.");
	}
	return 1;
}
is the same with others cmd

Код HTML:
CMD:withdraw(playerid, params[])
{
	if(gPlayerLogged[playerid] == 0) return SendClientMessage(playerid, COLOR_LIGHTRED, "You need to login pin.");
	if(IsPlayerConnected(playerid))
	{
     	if(IsAtBank(playerid))
		{
			new money,string[100];
			if(sscanf(params, "i", money))
			{
				SendClientMessage(playerid, 0xFFFFFFFF,"{FFFFFF}Syntax: {FFFFFF}/withdraw <Amount of Money>");
				format(string, sizeof(string), "{FFFF00}You have $%s in your account.", FormatNumber(PlayerInfo[playerid][pAccount]));
				SendClientMessage(playerid, COLOR_WHITE, string);
				return 1;
			}
			if (money > PlayerInfo[playerid][pAccount] || money < 1) return SendClientMessage(playerid, COLOR_WHITE, "{FFB870}You dont have that much.");
		    ConsumingMoney[playerid] = 1;
			GivePlayerCash(playerid, money);
			PlayerInfo[playerid][pAccount]=PlayerInfo[playerid][pAccount]-money;
			format(string, sizeof(string), "{FFFF00}You have withdrawn $%s from your account Total: $%s.", FormatNumber(money),FormatNumber(PlayerInfo[playerid][pAccount]));
			SendClientMessage(playerid, COLOR_WHITE, string);
    		new str[168];
			mysql_format(SQL,str,sizeof(str),"UPDATE users SET `Money`='%d',`Bank`='%d' WHERE `name`='%s'",GetPlayerCash(playerid),PlayerInfo[playerid][pAccount],PlayerInfo[playerid][pNormalName]);
			mysql_tquery(SQL,str,"","");
			return 1;
		}
		else
		{
			SendClientMessage(playerid, COLOR_WHITE, "You are not at the bank!");
	        return 1;
 		}
	}
	return 1;
}
Reply
#2

That specific formatted text is stored in "string" and is used in Factionlog function. As you log everything to mysql, use mysql_format with %e in strings to escape the special characters.

For the second error, the size of the query is too small. If you use R40+ (mysql plugin version) then compiling with debug info will give you the line for that query in the script.
Reply
#3

yea but /changerank and /withdraw no cmd is in factionlog and both are the same with %d and %s at /withdraw i do not have any problem only at /changerank should i put it like this ?

Код HTML:
new str[1000];
				mysql_format(SQL,str,sizeof(str),"UPDATE users SET `Rank`='%e' WHERE `name`='%e'",PlayerInfo[para1][pRank],PlayerInfo[para1][pNormalName]);
				mysql_tquery(SQL,str,"","");
or just only at

Код HTML:
`Rank`='%e'
Reply
#4

Special characters (like apostrophe) aren't used in those commands, that's why there isn't any problem but it is still a rule to escape strings to avoid being victim of SQL Injection.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)