mysql injection
#1

So hi all, I was working on my MySQL clan system and did everything, and it saves the clan and everything, but when I /q and come back again it deletes the clan name, like: Eth in clan [] has joined the server. So how to fix that?
#2

First, that's not SQL Injection.

You might want to show the MySQL logs instead of posting this. How are we supposed to help you out?
#3

Here are the logs:
pawn Code:
[Tue Apr 22 13:11:50 2014] -------------------------
[Tue Apr 22 13:11:50 2014]      Logging Started
[Tue Apr 22 13:11:50 2014] -------------------------
[Tue Apr 22 13:11:50 2014] Function: mysql_init executed with result: "0".
[Tue Apr 22 13:11:50 2014] Connected (0) to root @ localhost via TCP/IP.
[Tue Apr 22 13:11:50 2014] MySQL Server Version 5.6.12-log.
[Tue Apr 22 13:11:50 2014] Function: mysql_stat executed with result: "Uptime: 15  Threads: 1  Questions: 2  Slow queries: 0  Opens: 70  Flush tables: 1  Open tables: 63  Queries per second avg: 0.133".
[Tue Apr 22 13:11:50 2014] Function: mysql_init executed with result: "1".
[Tue Apr 22 13:12:40 2014] Function: mysql_real_esacpe_string executed: "Eth" with result: "Eth".
[Tue Apr 22 13:12:42 2014] Function: mysql_query executed: "SELECT `nick` FROM `playerdata` WHERE `nick` COLLATE latin1_general_cs = 'Eth' LIMIT 1" with result: "0".
[Tue Apr 22 13:12:42 2014] Function: mysql_store_result executed with result: "1"
[Tue Apr 22 13:12:42 2014] Function: mysql_num_rows executed with result: "".
[Tue Apr 22 13:12:42 2014] Function: mysql_free_result executed.
[Tue Apr 22 13:12:51 2014] Function: mysql_real_esacpe_string executed: "ethhackr" with result: "ethhackr".
[Tue Apr 22 13:12:51 2014] Function: mysql_real_esacpe_string executed: "Eth" with result: "Eth".
[Tue Apr 22 13:12:51 2014] Function: mysql_query executed: "SELECT * FROM `playerdata` WHERE `nick` COLLATE latin1_general_cs = 'Eth' AND `password` = '248054603'" with result: "0".
[Tue Apr 22 13:12:51 2014] Function: mysql_store_result executed with result: "1"
[Tue Apr 22 13:12:51 2014] Function: mysql_num_rows executed with result: "".
[Tue Apr 22 13:12:51 2014] Function: mysql_free_result executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_real_esacpe_string executed: "ethhacker" with result: "ethhacker".
[Tue Apr 22 13:12:56 2014] Function: mysql_real_esacpe_string executed: "Eth" with result: "Eth".
[Tue Apr 22 13:12:56 2014] Function: mysql_query executed: "SELECT * FROM `playerdata` WHERE `nick` COLLATE latin1_general_cs = 'Eth' AND `password` = '309068720'" with result: "0".
[Tue Apr 22 13:12:56 2014] Function: mysql_store_result executed with result: "1"
[Tue Apr 22 13:12:56 2014] Function: mysql_num_rows executed with result: "".
[Tue Apr 22 13:12:56 2014] Function: mysql_real_esacpe_string executed: "Eth" with result: "Eth".
[Tue Apr 22 13:12:56 2014] Function: mysql_query executed: "SELECT * FROM `playerdata` WHERE `nick` COLLATE latin1_general_cs = 'Eth' LIMIT 1" with result: "0".
[Tue Apr 22 13:12:56 2014] Function: mysql_store_result executed with result: "1"
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_row executed with result: "1462|Eth|309068720|5|90000057|3318030|9000044|31|0|9939162|5|1|0|3|0|0|0|5|49|44|1317800|0|1300|41.41.238.31|".
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_fetch_field executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_free_result executed.
[Tue Apr 22 13:12:56 2014] Function: mysql_free_result executed.
[Tue Apr 22 13:12:57 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '45',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:12:58 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '46',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:12:59 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '47',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:00 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '48',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:00 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '48',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:00 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '48',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:00 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '48',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:00 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '48',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:00 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '48',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:00 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '48',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:00 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '48',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:01 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '48',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:01 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '49',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:02 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '49',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:02 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '50',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:02 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '50',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:03 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '50',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:03 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '50',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:03 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '51',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:03 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '51',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
#4

Hmm, do you update the query when OnPlayerDisconnect?
#5

Yes, I do. But when I log in it disappears, idk why.
#6

Anyone help? Here is the clan create command:
pawn Code:
// Fragment as posted: the command's opening line is not shown.
new string[24];
new escaped[49]; // worst case when escaping 24 cells: 2 * 24 + 1
new rfid = random(9999999);

if(pInfo[playerid][Scores] < 5000) return SendClientMessage(playerid,COLOR_RED,"{FF0000}Error:{FFFFFF}You need to have at least 5000 score to make a clan");
if(GetPlayerMoney(playerid) < 1000000) return SendClientMessage(playerid,COLOR_RED,"{FF0000}Error:{FFFFFF}You need to have at least 1m of cash to make a clan");
// The sscanf size must match string[24]; "s[39]" let sscanf write past the end of the array.
if(sscanf(params,"s[24]",string)) return SendClientMessage(playerid,COLOR_RED,"Usage:/clancreate [clanname]");
if(pInfo[playerid][inclan] == 1) return SendClientMessage(playerid,COLOR_RED,"{FF0000}Error:{FFFFFF}You are already in a clan use /clanleave to leave it");
GivePlayerMoney(playerid,-1000000);
pInfo[playerid][clanrank] = 5;
pInfo[playerid][clanid] = rfid;
pInfo[playerid][inclan] = 1;
pInfo[playerid][Money] += -1000000;
// Player input is copied through "%s" instead of being used as the format string itself.
format(pInfo[playerid][clanname], 24, "%s", string);
new Query[500];
// Escape the player-supplied name before it goes into SQL (the same call the logs show for nick and password).
mysql_real_escape_string(string, escaped);
format(Query, 500, "UPDATE `playerdata` SET `clanname` = '%s' WHERE `id` = '%d' LIMIT 1", escaped, pInfo[playerid][ID]); //Format the query
mysql_query(Query);
return 1;
}
#7

In the logs, the clanname is null.
#8

Still not working o.o
Edit: I already did it null and still not working....
#9

Look at that:

"UPDATE `playerdata` SET `admin` = '5', `score` = '90000057', `money` = '3318030', `pKills` = '9000044', `deaths` = '31' , `vip` = '0' , `clanid` = '9939162' , `clanrank` = '5' , `inclan` = '1' , `Bans` = '0',`captured` = '3',`cookies` = '0',`phone` = '0',`Tplayer` = '0',`Hour` = '5',`Min` = '49',`Sec` = '45',`Baccount` = '1317800',`Crowns` = '0',`Totalxp` = '1300',`clanname` = '' WHERE `id` = '1462' LIMIT 1"

It's empty/null. If that happens when you disconnect and you then connect and select, the clanname will be empty again. So the problem is in the query.
#10

so how to fix it? :/
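
The check described in post #9, written out as an added example that is not part of the original thread: a Python script that reads the MySQL plugin log and reports every `UPDATE` that saves `inclan` = '1' together with an empty `clanname`, which is the write that blanks the name. The sample log lines are constructed in the thread's log format (column list trimmed), and the function name is hypothetical.

```python
import re

# Constructed sample in the plugin's log format; columns trimmed, values partly made up.
SAMPLE_LOG = """\
[Tue Apr 22 13:12:57 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `clanid` = '9939162' , `inclan` = '1' ,`clanname` = '' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:12:58 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `clanid` = '9939162' , `inclan` = '1' ,`clanname` = 'Eth' WHERE `id` = '1462' LIMIT 1" with result: "0".
[Tue Apr 22 13:12:59 2014] Function: mysql_query executed: "UPDATE `playerdata` SET `clanid` = '0' , `inclan` = '0' ,`clanname` = '' WHERE `id` = '7' LIMIT 1" with result: "0".
[Tue Apr 22 13:13:00 2014] Function: mysql_query executed: "SELECT * FROM `playerdata` WHERE `nick` = 'Eth' LIMIT 1" with result: "0".
"""

# One mysql_query log line: timestamp, the SQL text, and the plugin's result code.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] Function: mysql_query executed: '
    r'"(?P<sql>.*)" with result: "(?P<res>[^"]*)"\.?$'
)
# The save query: everything between SET and the final WHERE `id` = '...'.
UPDATE_RE = re.compile(
    r"^UPDATE `(?P<table>\w+)` SET (?P<set>.*) WHERE `id` = '(?P<id>\d+)'"
)
# A single `column` = 'value' assignment (value may contain escaped quotes).
ASSIGN_RE = re.compile(r"`(\w+)`\s*=\s*'((?:[^'\\]|\\.)*)'")


def find_blank_clan_saves(log_text):
    """Return (timestamp, player id, clanid) for saves that blank the clan name."""
    findings = []
    for line in log_text.splitlines():
        entry = LINE_RE.match(line)
        if not entry:
            continue  # not a mysql_query line
        update = UPDATE_RE.match(entry["sql"])
        if not update:
            continue  # SELECTs and other statements are ignored
        cols = dict(ASSIGN_RE.findall(update["set"]))
        # In a clan, yet the name being written is empty: the save loses it.
        if cols.get("inclan") == "1" and cols.get("clanname") == "":
            findings.append((entry["ts"], update["id"], cols.get("clanid")))
    return findings


if __name__ == "__main__":
    for ts, player_id, clan_id in find_blank_clan_saves(SAMPLE_LOG):
        print(f"{ts}: id {player_id} saved with empty clanname (clanid {clan_id})")
```

The timestamp of the first hit shows which callback issued the blank save: if it comes right after the login `SELECT`, as in the thread's log, the name was never copied into the player's variables before the save query ran.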