[Abreezy]

Hey guys, instead of just copying codes, i'm trying to learn the meanings of everything, I read the meaning off wiki but just want to another 'answer' for lack of better words from you guys.

First one is:

pawn Код:

mysql_num_rows()

I know this is suppose to tell you how many rows you got or something like that, so how does it work to detect if your registered or not? Is that the only thing it does? - Sorry if i might sound 'nooby' with these questions.

Second question:

How do you compare something using mysql functions? Let's say i want to compare inputtext and pPassword which is on the database, how would you do so? something like

pawn Код:

if(inputtext == pPassword)

Not sure if that would work though, which is why I ask. Thanks in advance guys and gals.

[jamesbond007]

dude i showed u already something like :

select * from username = pname and password = inputtext

then if(mysql_num_rows()>1) // password correct
else // wrong

[[HiC]TheKiller]

Quote:

Originally Posted by jamesbond007 dude i showed u already something like : select * from username = pname and password = inputtext then if(mysql_num_rows()>1) // password correct else // wrong

You're missing ' and ' around inputtext and that would be highly prone to SQL injections. You would check if a password is correct like this:

pawn Код:

new query[200], pname[24], escapepass[100];
GetPlayerName(playerid, pname, 24);
mysql_real_escape_string(inputtext, escapepass);
format(query, sizeof(query), "SELECT * FROM usertable WHERE name = '%s' AND pPassword = 'escapepass' LIMIT 1");
mysql_query(query);
mysql_store_result();
if(mysql_num_rows() != 0)
{
    // password was correct
}
else
{
    //password wasn't correct
}

For more information, visit the tutorial in my sig .

[Abreezy]

Quote:

Originally Posted by [HiC]TheKiller You're missing ' and ' around inputtext and that would be highly prone to SQL injections. You would check if a password is correct like this: pawn Код: new query[200], pname[24], escapepass[100]; GetPlayerName(playerid, pname, 24); mysql_real_escape_string(inputtext, escapepass); format(query, sizeof(query), "SELECT * FROM usertable WHERE name = '%s' AND pPassword = 'escapepass' LIMIT 1"); mysql_query(query); mysql_store_result(); if(mysql_num_rows() != 0) {     // password was correct } else {     //password wasn't correct } For more information, visit the tutorial in my sig .

Thank you, and I have read your tutorial several times, I know how to do most stuff, I just want to understand what I'm doing, if that makes sense.

[Scenario]

... or your could load the password, store it into a variable and use strcmp to check if the two strings match.

[jamesbond007]

Quote:

Originally Posted by [HiC]TheKiller You're missing ' and ' around inputtext and that would be highly prone to SQL injections. You would check if a password is correct like this:

it was pseudo code, i just wrote it as an example. chillax