Posts: 6,129
Threads: 36
Joined: Jan 2009
07.01.2011, 02:36
(
Последний раз редактировалось Calgon; 07.01.2011 в 03:09.
)
You really don't want to be sending passwords (or names) that you either haven't encrypted or escaped to your MySQL database.
Do you think you've missed any code in between declaration of the password variable and querying it? Because otherwise you're sending the string password that contains no data.
Posts: 515
Threads: 74
Joined: Feb 2010
Reputation:
0
oh yeah, im going to be using escpassword, i completely forgot lol. i know i gotta do like input text = pass or something like that.
Posts: 6,129
Threads: 36
Joined: Jan 2009
Quote:
Originally Posted by Anthonyx3'
edit:
pawn Код:
if (dialogid == 1)
{
new string[256], escpass[100];
mysql_real_escape_string(inputtext, escpass);
GetPlayerName(playerid, UserStats[playerid][Name], MAX_PLAYER_NAME);
format(string,sizeof(string),"INSERT INTO `Users` (`Name`, `Password`) VALUES ('%s', '%s')",UserStats[playerid][Name], escpass);
mysql_query(string);
}
Would work right? and anti injectable? |
If that's the correct order for function parameters in the MySQL plugin you use, yes.
Posts: 515
Threads: 74
Joined: Feb 2010
Reputation:
0
Nice, it worked, thanks bro, and thanks again for warning about injection, i would have forgotten completely
Posts: 515
Threads: 74
Joined: Feb 2010
Reputation:
0
Sorry for double post again, but how do i get the escpass now for login dialog?
Posts: 6,129
Threads: 36
Joined: Jan 2009
Do the same thing you did with inputtext (escape it) and perform a select query.
Posts: 515
Threads: 74
Joined: Feb 2010
Reputation:
0
Alright, thanks ill try and post if any problems
.
