[Yuval_Baruch]

hey, i have a problem when i use some of the SQL functions like: UPDATE or even CREATE
the error is about SQL version.. thing is its up to date.
here is the error:

Error in mysql_query: You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near 'name=bank pickup=1239 text=Back sp_x=1459.3708
sp_y=-1010.5864 sp_z=26.8437 ex_x' at line 1


and i also can't use '~' in SQL Char var for some reason, when i use it server crashes... any why to fix those things?
thanks, yuval.

[Yuval_Baruch]

one more things, there are lines i use UPDATE that it works and ain't giving me any error.

[MenaceX^]

What's CREATE?

[Yuval_Baruch]

creating table...
but its not working VIA servers... (its an SQL function.)


here is example of line that returns me the error after being quary'd

Quote:

format(sql, sizeof(sql), "UPDATE spots SET id=%d, name='%s', pickup=%d, text='%s', sp_x=%.4f, sp_y=%.4f, sp_z=%.4f, ex_x=%.4f, ex_y=%.4f, ex_z=%.4f, enterable=%d, inter=%d, world=%d, WHERE id=%d,",

[MenaceX^]

Oh, I thought you mean something in .pwn
You mean like CREATE TABLE `shit`.

Hmhm, the reason of crashing your server when you use `~' and such, it's because of a sql injection, those injections create themselves when something gets into the database and includes those characters.

You have two options:
1. Block those characters by strfind.
2. Use the existing function to block them, samp_mysql_real_escape_string.

[Yuval_Baruch]

i use option number 2 anyway..
and i dont use those ~, cuz now i know it crashes


-----
and, my server is not crashing.
its only returns the error after i send the query...

[MenaceX^]

If you make something dynamic, like. Hmhm, name of a faction that needs to be in the database so it goes like
INSERT INTO `table` (factionid,factioname) VALUES (%d,'%s'),factionid,factionname);
Then the name might have bad characters that probably will make a crash.
You need to do.
samp_mysql_real_escape_string(factionname);

[Yuval_Baruch]

mate, i know how to work with SQL..
and problem is not with INSERT stuff.. its easy..
i got the meaning of the problem.. i might missed up few string variables when i sent the query..
thanks for your help im fixing those problems in my script right now.