25.07.2018, 22:39
When working with tqueries, you need to load your data using callback functions.
You can't read the data right after sending the query because there is no result yet.
Also load the position of the player in this callback and store it in your playerinfo array as well.
Then you can use it directly in your OnPlayerRequestClass callback.
You were trying to read data from a non-existing cache, directly into the OnPlayerRequestClass callback, which didn't receive a cache object.
Didn't you get errors in your mysql-log about this?
Another piece of advice: when using mysql with strings like a player's name, always escape the string to prevent mysql injection.
Instead of using format, use mysql_format like in my code and don't use %s but use %e.
This automatically escapes strings.
If you don't, someday your database may be wiped clean.
Consider this query.
Now if someone would login with his name set to:
A little weird, but it happens.
Your query would end up like this:
This would firstly load no accounts from your database since the data-part is empty, probably confusing your loading function.
But the worst of all, the DROP TABLE command which follows, will simply delete your accounts table without even asking if it's convenient.
Using mysql_format with %e for strings prevents this.
You can't read the data right after sending the query because there is no result yet.
PHP код:
stock LoadPlayerStats(playerid)
{
if(playerInfo[playerid][LoggedIn] == true)
{
new query[200], name[24];
GetPlayerName(playerid, name, 24);
mysql_format(SQL_db, query, sizeof(query), "SELECT * FROM `accounts` WHERE `playerName` = '%e'", name);
mysql_tquery(SQL_db, query, "Player_OnDataLoad", "i", playerid);
}
}
forward Player_OnDataLoad(playerid);
public Player_OnDataLoad(playerid)
{
playerInfo[playerid][playerAdmin] = cache_get_value_int(0, "playerAdmin", playerInfo[playerid][playerAdmin]);
playerInfo[playerid][playerMod] = cache_get_value_int(0, "playerMod", playerInfo[playerid][playerMod]);
playerInfo[playerid][playerHelper] = cache_get_value_int(0, "playerHelper", playerInfo[playerid][playerHelper]);
playerInfo[playerid][playerLevel] = cache_get_value_int(0, "playerLevel", playerInfo[playerid][playerLevel]);
playerInfo[playerid][playerCash] = cache_get_value_int(0, "playerCash", playerInfo[playerid][playerCash]);
SetPlayerScore(playerid, playerInfo[playerid][playerLevel]);
GivePlayerMoney(playerid, playerInfo[playerid][playerCash]);
cache_get_value_name_float(0, "playerX", playerInfo[playerid][spawnX]);
cache_get_value_name_float(0, "playerY", playerInfo[playerid][spawnY]);
cache_get_value_name_float(0, "playerZ",playerInfo[playerid][spawnZ]);
return 1;
}
public OnPlayerRequestClass(playerid, classid)
{
if(playerInfo[playerid][LoggedIn] == true)
{
SetSpawnInfo( playerid, 0, 0, playerInfo[playerid][spawnX], playerInfo[playerid][spawnY], playerInfo[playerid][spawnZ], 0, 0, 0, 0, 0, 0, 0 );
SpawnPlayer(playerid);
}
return 1;
}
Then you can use it directly in your OnPlayerRequestClass callback.
You were trying to read data from a non-existing cache, directly into the OnPlayerRequestClass callback, which didn't receive a cache object.
Didn't you get errors in your mysql-log about this?
Another piece of advice: when using mysql with strings like a player's name, always escape the string to prevent mysql injection.
Instead of using format, use mysql_format like in my code and don't use %s but use %e.
This automatically escapes strings.
If you don't, someday your database may be wiped clean.
PHP код:
SELECT * FROM `accounts` WHERE `playerName` = '%s'
Now if someone would login with his name set to:
PHP код:
'; DROP TABLE 'accounts';'
Your query would end up like this:
PHP код:
SELECT * FROM `accounts` WHERE `playerName` = ''; DROP TABLE 'accounts';''
But the worst of all, the DROP TABLE command which follows, will simply delete your accounts table without even asking if it's convenient.
Using mysql_format with %e for strings prevents this.