Quote:
Originally Posted by Misiur
If the query doesn't contain a single parameter, you can simply pass it to mysql_query. Think of format + SendClientMessage (just with the additional %e).
|
Weird that I haven't done it like that (you can check the other queries on which I did). Also even weirder that I haven't used IN() instead of just writing that two times. I guess it was just a slip :P
Quote:
Originally Posted by Misiur
/remaction is vulnerable to SQLi
|
I really thought I escaped that... fixed; either way it's an RCON admin CMD meant only for development. If the admin is dumb enough to delete all of his actions then.. well.. I've got no words.
I just also noticed other vulnerabilities in the script, I guess I just forgot to escape the data.
EDIT: Even more vulnerabilities. I'm the dumb one.
Quote:
Originally Posted by Misiur
Code:
if(sscanf(params,"s[32]", id))
Using sscanf to fetch a single string is unnecessary; use
Then use params instead of id.
|
As I said it's not really a script-breaking thing, and very, very minor. I just got used to sscanf when checking parameters. Either way I would need an additional check to limit the string input to 32.
Quote:
Originally Posted by Misiur
|
I did test all the queries before adding them and I got the expected results without problems; since I got the expected results I had no reason not to use the inner join. I believe this is not completely useful when selecting exact data from two tables, as there will be no difference between doing an inner join or a left join.
Quote:
Originally Posted by Misiur
Overall nice system, I like it.
P.S. I hate you forever and ever for raven's rp.
|
Why does everyone tell me that?
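As an added illustration of the three review points above (escaping with %e, IN() instead of a repeated condition, and isnull() instead of sscanf "s[32]"), here is the shape the /remaction fix takes in Pawn. This is example code written for this page, not the reviewed script's code: the table name actions, the column name, the g_SQL handle, the COLOR_GREY constant, and the zcmd/sscanf2/BlueG MySQL R40-style API are all assumptions.

```pawn
// Added example, not the script under review. Assumes zcmd, sscanf2 and the
// BlueG MySQL plugin R40-style API (mysql_format / mysql_tquery); the table
// "actions" and its "name" column are made up for the illustration.
#include <a_samp>
#include <a_mysql>
#include <sscanf2>
#include <zcmd>

new MySQL:g_SQL;                // assumed: connection handle opened elsewhere
#define COLOR_GREY 0xAFAFAFFF   // assumed colour constant

// Vulnerable shape: format() copies the player's text verbatim into the query,
// so a parameter such as  ' OR '1'='1  turns the WHERE clause into a match-all
// and deletes every row. This is the class of bug the review refers to.
CMD:remaction_vulnerable(playerid, params[])
{
    if(!IsPlayerAdmin(playerid)) return 0;           // RCON-only, as in the post
    if(isnull(params)) return SendClientMessage(playerid, COLOR_GREY, "Usage: /remaction [name]");

    new query[128];
    format(query, sizeof query, "DELETE FROM actions WHERE name = '%s'", params);
    mysql_tquery(g_SQL, query);
    return 1;
}

// Fixed shape: mysql_format's %e specifier escapes the value before it is
// placed in the query. isnull() replaces the sscanf "s[32]" check, and the
// 32-character limit the reply mentions is enforced explicitly.
CMD:remaction(playerid, params[])
{
    if(!IsPlayerAdmin(playerid)) return 0;
    if(isnull(params)) return SendClientMessage(playerid, COLOR_GREY, "Usage: /remaction [name]");
    if(strlen(params) > 31) return SendClientMessage(playerid, COLOR_GREY, "Name too long (max 31 characters).");

    new query[128];
    mysql_format(g_SQL, query, sizeof query, "DELETE FROM actions WHERE name = '%e'", params);
    mysql_tquery(g_SQL, query);
    return 1;
}

// IN() collapses the "written two times" condition into a single escaped query.
stock RemoveActionsForPair(const nameA[], const nameB[])
{
    new query[192];
    mysql_format(g_SQL, query, sizeof query,
        "DELETE FROM actions WHERE name IN ('%e', '%e')", nameA, nameB);
    mysql_tquery(g_SQL, query);
}
```

The length check sits before mysql_format on purpose: escaping can grow the string (each quote becomes two characters), so capping the raw input first keeps the escaped value within the query buffer as well. For a query with no parameters at all, passing the literal string straight to mysql_query or mysql_tquery, as the reviewer suggests, is sufficient; mysql_format only earns its place once player-controlled data enters the statement.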