[amirab]

hey all
in changing password in game
i wanna update the password field
but i'll get errors

this is my code :

PHP код:

mysql_format(g_MySQL, query, sizeof(query), "UPDATE `accounts` SET `Password` = %e WHERE `UserID`=%d" , inputtext, PlayerInfo[playerid][UserID]); 


can anybody help me? i really need it

[Sawalha]

Add the ' symbol near %d and %s :

pawn Код:

"UPDATE `accounts` SET `Password`='%s' WHERE `UserID`='%d'", inputtext, PlayerInfo[playerid][UserID]);

Recommended to use %i instead of %d for user ids.

[amirab]

oh god thanks
i forgot to add this in here
in saving at OnPlayerDisconnect i did but here ....
thanks +REP

[Vince]

Plaintext password, unescaped. No.

[BroZeus]

Quote:

Originally Posted by Vince Plaintext password, unescaped. No.

Explain to him in more details. Experienced scripters can understand what you are trying to say here but he may not.

Well he is trying to say that use mysql_escape_string function on password to avoid mysql injections and use a hasher to hash the password in case your mysql gets hacked. You can read at ****** about them.

[M4D]

Quote:

Originally Posted by BroZeus Explain to him in more details. Experienced scripters can understand what you are trying to say here but he may not. Well he is trying to say that use mysql_escape_string function on password to avoid mysql injections and use a hasher to hash the password in case your mysql gets hacked. You can read at ****** about them.

He use mysql_format , so he can use %e instead of %s…
It will automaticly escape string !