Simple query... but an error?
#1

Hi there,
Out of nowhere, I have been getting MySQL errors lately.

I don't know why, but this query is so basic, I don't even see an error in it.
pawn Code:
if(dialogid == DGen)
    {
        if(response == 1)
        {
            // Only the two exact values are accepted (case-insensitive compare).
            if(!strcmp(inputtext, "Male", true) || !strcmp(inputtext, "Female", true))
            {
                format(str, sizeof(str), "UPDATE `playerinfo` SET `Gender` = '%s' WHERE `user` = '%s'", inputtext, pName(playerid));
                // Escapes inputtext INTO str, i.e. into the buffer that already holds the query.
                mysql_real_escape_string(inputtext, str);
                mysql_query(str);
                format(str, sizeof(str), "Your gender is %s", inputtext);
                SendClientMessage(playerid, YELLOW, str);
                ShowPlayerDialog(playerid, DAge, DIALOG_STYLE_INPUT, "RC:RP Age", "Please enter your age below", "Submit", "Cancel");
            }
            else
            {
                SendClientMessage(playerid, RED, "ERROR: Please only type Male or Female!");
                ShowPlayerDialog(playerid, DGen, DIALOG_STYLE_INPUT, "RC:RP Gender", "Please enter your gender below", "Submit", "Cancel");
            }
        }
        else
        {
            SendClientMessage(playerid, RED, "ERROR: You cannot cancel these steps!");
            ShowPlayerDialog(playerid, DGen, DIALOG_STYLE_INPUT, "RC:RP Gender", "Please enter your gender below", "Submit", "Cancel");
        }
    }
I'm not sure, and it's not tested yet, but I am thinking it is the mysql_real_escape_string(inputtext, str); function.

I have been getting these errors since I added my business system; tbh, that wasn't really the problem.

pawn Code:
MySQL errors:

[Fri Sep 10 19:45:59 2010] Function: mysql_real_escape_string executed: "Male" with result: "Male".
[Fri Sep 10 19:45:59 2010] Function: mysql_query executed: "Male" with result: "1".
[Fri Sep 10 19:45:59 2010] Error (0): Failed to execute query. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Male' at line 1.
EDIT:
Yeah... it was mysql_real_escape_string.

But after I commented it out, I'm worried about MySQL injection. Is there any way to fix this?
#2

Bump... still can't figure out how to fix the syntax errors with mysql_real_escape_string.
#3

You need to escape the inputtext before you format it. What you're doing now is:
mysql_query("Male");

pawn Code:
// Escape into a separate buffer first, then format the escaped copy into the query.
// 12 cells is enough for the validated "Male"/"Female" values; in general escaping
// can double the length, so size the destination at 2 * source length + 1.
new tmpinput[12];
mysql_real_escape_string(inputtext, tmpinput);
format(str, sizeof(str), "UPDATE `playerinfo` SET `Gender` = '%s' WHERE `user` = '%s'", tmpinput, pName(playerid));
mysql_query(str);
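The log in post #1 and the explanation in post #3 describe the same thing: because the escape call writes into str, the formatted UPDATE is overwritten and only the escaped value "Male" reaches mysql_query(). The following is an added example, not code from the thread or from the SA-MP MySQL plugin; it re-creates both call orders in Python with a stand-in for mysql_real_escape_string (assumed to follow the MySQL C API rules: backslash-escape \, ', ", NUL, \n, \r and \x1a) so the failure mode and the fix can be checked offline. It also escapes the player name, which post #3 leaves unescaped, and keeps the Male/Female allowlist check from post #1 as the first line of defence.

```python
# Added example: models the two call orders discussed in the thread. Not the
# plugin's code; mysql_real_escape_string() below is a pure-Python stand-in
# (assumption: same escaping rules as MySQL's C API function of that name).

# Characters MySQL's escape function backslash-escapes.
_ESCAPES = {
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\0": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\x1a": "\\Z",
}


def mysql_real_escape_string(source: str) -> str:
    """Escape a value for use inside a quoted MySQL string literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in source)


# Same query template as the thread (braces are Python's format placeholders).
QUERY = "UPDATE `playerinfo` SET `Gender` = '{gender}' WHERE `user` = '{user}'"


def build_query_wrong_order(inputtext: str, player_name: str) -> str:
    """Order from post #1: format first, then escape inputtext INTO the same buffer.

    The escape call replaces the buffer contents, so what is handed to
    mysql_query() is just the escaped input - exactly what the log shows.
    """
    str_buf = QUERY.format(gender=inputtext, user=player_name)
    str_buf = mysql_real_escape_string(inputtext)  # destination == str: the UPDATE is gone
    return str_buf


def build_query_unescaped(inputtext: str, player_name: str) -> str:
    """What post #1 ended up with after commenting the escape call out: raw interpolation."""
    return QUERY.format(gender=inputtext, user=player_name)


def build_query_right_order(inputtext: str, player_name: str) -> str:
    """Order from post #3 (escape into a separate buffer, then format),
    extended to escape the player name as well, since it is also interpolated."""
    return QUERY.format(
        gender=mysql_real_escape_string(inputtext),
        user=mysql_real_escape_string(player_name),
    )


ALLOWED_GENDERS = ("male", "female")


def gender_is_valid(inputtext: str) -> bool:
    """The strcmp(inputtext, "Male"/"Female", true) check: case-insensitive exact match."""
    return inputtext.lower() in ALLOWED_GENDERS


def handle_gender_input(inputtext: str, player_name: str):
    """Dialog handler logic: allowlist first, escaped query second. Returns None on rejection."""
    if not gender_is_valid(inputtext):
        return None
    return build_query_right_order(inputtext, player_name)


if __name__ == "__main__":
    # Constructed sample inputs: a normal value and an injection attempt.
    print(build_query_wrong_order("Male", "Bob"))
    print(build_query_right_order("Male", "Bob"))
    payload = "x' WHERE `user` = 'Admin' -- "
    print(build_query_unescaped(payload, "Bob"))
    print(build_query_right_order(payload, "Bob"))
    print(handle_gender_input(payload, "Bob"))
```

The allowlist check is what actually protects this particular dialog: an input that is not exactly Male or Female never reaches the query. Escaping is the second layer, and it only helps if the escaped copy is the one that gets formatted into the statement; it is still string building, so if the plugin in use offers prepared statements or a bound-parameter API, that is the better tool.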