[MSuperXX]

Hello all SA-MP players. I've a business system in my script and it's working perfect in all things except one thing it's the saving to the MySQL database

Код:

00:33:30] [ZCMD] [Michael Robinson]: /bizdescription Michaele's Supermarket
[00:33:31] [MySQL] Query Error - (ErrorID: 1064) (Handle: 1)
[00:33:31] [MySQL] Check /logs/querydump.log to review the query that threw the error.
[00:33:31] Dumping query from 2013/8/15 (0:33:31)

Description: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Supermarket', `Owner`= 'Michael Robinson', `ExteriorX`=1833.556762, `ExteriorY`=-1842.6' at line 1 (index 0). Query:


[00:33:31] UPDATE `businesses` SET `Owned` = 1, `Description` = 'Michaele's Supermarket', `InteriorWorld` = 17, `OwnerName` = 'Michael Robinson', `PosX` = 1833.556762, `PosY` = -1842.611450, `PosZ` = 13.578120, `PosA` = 0.000000, `Lock`= 0, `Type` = 1, `EnterFee` = 50, `Value` = 0, `Money` = 0, `Products` = 15, `Sold` = 35 WHERE `id` = 1

I lately knew the source of the error and it's when I use the (') character into the (/bizdescription ) command to set the business description happens the errors. And when I use the (/bizdescription ) command without the (') character like: (/bizdescription Idlewood 24/7) it saves perfect without that error

And here's the function that saves the business to the database. NOTE: the function called with the /bizdesctiption command to save the business.

pawn Код:

stock BusinessSave(bizid)
{
    new
        szQuery[2048];

    format(szQuery, sizeof(szQuery), "UPDATE `businesses` SET `Owned` = %d, `Description` = %d, `InteriorWorld` = %d, `OwnerName` = '%s', `PosX` = %f, `PosY` = %f, `PosZ` = %f, `PosA` = %f", bizData[bizid][b_Owned], bizData[bizid][b_Name], bizData[bizid][b_INT], bizData[bizid][b_Owner], bizData[bizid][b_fX], bizData[bizid][b_fY], bizData[bizid][b_fZ], , bizData[bizid][b_fA]);
    format(szQuery, sizeof(szQuery), "%s, `Lock` = %d, `Type` = %d, `EnterFee` = %d, `Value` = %d, `Money` = %d, `Products` = %d, `Sold` = %d WHERE `id` = %d", szQuery, bizData[bizid][b_Lock], bizData[bizid][b_Type], bizData[bizid][b_EntFee], bizData[bizid][b_Value], bizData[bizid][b_Money], bizData[bizid][b_Products], bizData[bizid][b_Sold], bizid+1);
    mysql_function_query(iConnectionHandle, szQuery, false, "OnQueryFinish", "i", THREAD_NO_RESULT);
}

So I hope you guys help me. Thanks.

[Scenario]

You need to escape your strings. Basically, any string you're inserting into a database that can be typed out directly from a player needs to be escaped. For one it will make it so you don't receive SQL errors if, for example (like in this case), they put an apostrophe in the string. It also makes it so people can't destroy your database.

Use mysql_real_escape_string() or mysql_escape_string() (if running R31) to do this.

[MSuperXX]

Thanks +Rep