[MotherDucker]

Doesn't matter, this has been fixed.

[Abagail]

Which line is 319?

[Konstantinos]

I know you fixed it but keep in mind that the output of WP_Hash will always be between 0-9 and A-F so there isn't any reason to escape the string. Any other input by user (strings) - yes, escape them to avoid SQL Injection.

[MotherDucker]

Quote:

Originally Posted by Konstantinos I know you fixed it but keep in mind that the output of WP_Hash will always be between 0-9 and A-F so there isn't any reason to escape the string. Any other input by user (strings) - yes, escape them to avoid SQL Injection.

Alright, I've changed it however the actual WP_Hash value.. i.e. the encryption isn't actually showing into the db; so in the password field on the db, it is blank.. here is the script.

Код:

{
	WP_Hash(HPass, 129, inputtext);
	mysql_format(1, query, sizeof(query), "INSERT INTO masterdata (uName, uPass) VALUES ('%e', '%e')", MasterData[playerid][uName], HPass);
	mysql_tquery(1, query, "OnPlayerAccountRegister", "i", playerid);
}

[Konstantinos]

But it executes the query correctly, I mean it creates a new record with the player's name?

Make sure that uPass is VARCHAR with 128 length in the table structure. Other than that, the only reason I can think of was a bug with %e specifier in version < R33 which has been fixed months ago. If you do not use the latest version (R39-3), you better update it.

[MotherDucker]

The VARCHAR is actually set to 129 just in case, so it shouldn't be affected, and I am running on R39-3 so I don't understand why it is doing this.

This is the log if you need it.

Код:

[22:07:44] [DEBUG] CMySQLResult::~CMySQLResult() - deconstructor called
[22:07:47] [DEBUG] mysql_format - connection: 1, len: 128, format: "INSERT INTO masterdata (uName, uPass) VALUES ('%e', '%e')"
[22:07:47] [DEBUG] mysql_tquery - connection: 1, query: "INSERT INTO masterdata (uName, uPass) VALUES ('Duck', '')", callback: "OnPlayerAccountRegister", format: "i"
[22:07:47] [DEBUG] CMySQLQuery::Execute[OnPlayerAccountRegister] - starting query execution
[22:07:47] [DEBUG] CMySQLQuery::Execute[OnPlayerAccountRegister] - query was successfully executed within 46.478 milliseconds
[22:07:47] [DEBUG] CMySQLResult::CMySQLResult() - constructor called
[22:07:47] [DEBUG] Calling callback "OnPlayerAccountRegister"..
[22:07:48] [DEBUG] CMySQLResult::~CMySQLResult() - deconstructor called

[Konstantinos]

I don't understand why it doesn't pass the second argument, it's like HPass is NULL.

Debug it:

pawn Код:

new HPass[129];
WP_Hash(HPass, 129, inputtext);
printf("HPass: \"%s\"", HPass);

Does it print the message?

[MotherDucker]

Yeah, it shows the string.. there is a value to it, however if you look in the mysql debug, it shows that the uPass value isn't there..

Код:

[22:07:47] [DEBUG] mysql_tquery - connection: 1, query: "INSERT INTO masterdata (uName, uPass) VALUES ('Duck', '')", callback: "OnPlayerAccountRegister", format: "i"

[Vince]

Quote:

Originally Posted by Konstantinos Make sure that uPass is VARCHAR with 128 length in the table structure

Sidenote: use normal CHAR since every value in that column will have the same length. This is slightly more efficient because MySQL does not have to store the length of the text.

[MotherDucker]

Quote:

Originally Posted by Vince Sidenote: use normal CHAR since every value in that column will have the same length. This is slightly more efficient because MySQL does not have to store the length of the text.

Alright, Thanks for the advice