27.09.2018, 11:17
sscanf utilisation must be: "intenger string" because a string can be anything.
become
Assuming you are using the latest MySQL version, you have to use '%e' specifier to escape string and avoid SQL injections. To use this special specifier, you need to use the function mysql_format.
Your query become better
You are missing a WHERE clause in your query. I advice you to lear a bit SQL language before using it: https://www.w3schools.com/sql/sql_update.asp
PHP код:
sscanf(params, "s[30]ds[30]", factionname, rank, newrankname))
PHP код:
sscanf(params, "ds[30]s[30]", rank, factionname, newrankname))
PHP код:
format(query, sizeof(query), "UPDATE `Factions` SET `Name` = '%s', Rank1 = '%s'", factionname, newrankname);
mysql_tquery(g_SQL, query);
Your query become better
PHP код:
mysql_format(query, sizeof(query), "UPDATE `Factions` SET `Name` = '%e', Rank1 = '%e'", factionname, newrankname);
mysql_tquery(g_SQL, query);