08.08.2011, 10:36
That's some very messy code. In OnPlayerConnect you first of all do a query which selects all of the columns' data for that row, then you store the data, then you do another query which selects all of the columns' data again for that row... without even freeing the result of the last query... but why do you select all of that data in the first place if you're not going to use it? You do the same thing in OnPlayerRequestSpawn, which by the way could be spammed quite heavily. That's a possible denial of service exploit right there, since you've not even threaded the query!
There's also an SQL injection exploit in your login code, all someone would have to do is type '; DELETE *; at the login dialog box and your entire database would be deleted. This is especially strange because you take the time to escape the name (which cannot contain quotes so it technically cannot be used for injection), but you don't escape the most important part, the one where someone can literally type anything they want into it.
Another thing is that you have several logic paths where you store a result and never free it!
I don't really know why you're experiencing these problems, but when a system is coded this badly in the first place then it's bound to have a lot of problems.
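An added example, not part of the original post and not the server's own code: it contrasts a login query that escapes only the name with one that binds both values as parameters. Python's sqlite3 stands in for the server's MySQL plugin, and the table, the account and the `escape` helper are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data. The password is stored as-is only to keep the
    # example short; a real server would store a salted hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO accounts VALUES (?, ?)", ("Bob", "o'brien"))
    return db

def escape(value):
    # Hypothetical stand-in for the escape call applied to the name only.
    return value.replace("'", "''")

def login_concat(db, name, password):
    # Pattern the post criticises: name escaped, dialog input pasted in raw.
    sql = ("SELECT 1 FROM accounts WHERE name = '" + escape(name) +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_bound(db, name, password):
    # Both values are bound as parameters, so they can never become SQL syntax.
    sql = "SELECT 1 FROM accounts WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def attempt(login, db, name, password):
    # "broken" means the input changed the statement instead of staying data.
    try:
        return "ok" if login(db, name, password) else "denied"
    except (sqlite3.Error, sqlite3.Warning):
        return "broken"

def account_count(db):
    return db.execute("SELECT COUNT(*) FROM accounts").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    dialog_inputs = ["o'brien", "'; DELETE *;"]  # second one is quoted from the post
    for text in dialog_inputs:
        print(repr(text), attempt(login_concat, db, "Bob", text),
              attempt(login_bound, db, "Bob", text))
    print("rows left:", account_count(db))
```

With the concatenated query, even the account's real password breaks the statement because of its apostrophe; with bound parameters the same inputs are compared as plain text.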