[Programie]

Quote:

Originally Posted by ombre If a person know my Mysql Table or the database structure, it's dangerous? Exploit possible?

Insecure:

Код:

new query[256];
format(query, sizeof(query), "SELECT * FROM `mytable` WHERE `mystring` = '%s' AND `myint` = %d", mystring, myint);
mysql_query(query);

Secure:

Код:

new query[256];
new mystring2[256];
mysql_real_escape_string(mystring, mystring2);
format(query, sizeof(query), "SELECT * FROM `mytable` WHERE `mystring` = '%s' AND `myint` = %d", mystring2, myint);
mysql_query(query);

[AndreT]

Yeah, you have to sanitize all input from users.

Also, why not use mysql_format introduced in R6-2?

pawn Код:

new query[256];
mysql_format(1, query, "SELECT * FROM mytable WHERE mystring = '%e' AND myint = %d", mystring, myint);
mysql_query(query);

[Toni]

Quote:

Originally Posted by AndreT Yeah, you have to sanitize all input from users. Also, why not use mysql_format introduced in R6-2? pawn Код: new query[256]; mysql_format(1, query, "SELECT * FROM mytable WHERE mystring = '%e' AND myint = %d", mystring, myint); mysql_query(query);

Still hoping for precise formatting for floats

[MrDaddY]

You forgot to change the version number in a_mysql.inc .

Nice work! I am waiting too for that feature that allows us to precise format floats.

[Bubelbub]

Код:

new query[128];
new id = -1;
mysql_format(1, query, "[Test] %i - %d - %s", id, id, id);

I expect:

Код:

[Test] -1 - -1 - yyyy

But i get:

Код:

[Test]   -   - yyyy

Soooo then i looked into Source.

Example /mysql_rel/source/CScripting.cpp

Код:

unsigned int

I know, this is the Problem.

Код:

signed int

Unsigned = +++++
Signed = ----- / +++++

Can Anyone compile my the Source with "Signed Int" instead of "Unsigned Int"?

[Enchancer]

The latest version doesn't work on debian 6?

[Tomejus]

The latest version (R6-2) doesn't work for me on Debian 5 (32 bit). And R6 too. Only R5. If i'm tryin to run server on R6-2 (R6 too) it runs, but in SA-MP it says that mode: uknown and so on... like plugin doesn't match. Can someone help?: )

[Steve M.]

I want to hash my password in SELECT like this:

pawn Код:

mysql_format(1, g_Query, "SELECT * FROM `rpusers` WHERE `Password` = MD5('%e') AND `Username` = '%e' LIMIT 1", inputtext, GetName(playerid));
mysql_query_callback(playerid, g_Query, "LoginUser");

But it won't hash. It just uses it as a string.

Edit: The problem was in my Password field in the database. The size of field was 30, but it should be 32.

[Macluawn]

How about fixing mysql_set_charset?

[Sreadon]

Hello,

I've a little problem on my server... when I call a function at connection, the server crash with the reason

Quote:

./samp03svr: symbol lookup error: plugins/mysql.so: undefined symbol: compress

Anyone can help me?
OS: Ubuntu 11.04 64bit


Thanks.

[leuser]

Код:

format(sql, sizeof(sql), "SELECT sender, sendername, mail FROM mail WHERE recipient='%d'", pInfo[playerid][pCharacter]);
  	mysql_query(sql);
	mysql_store_result();
	while(mysql_retrieve_row())
	{
		mysql_fetch_row_format(data, "|");
		SendClientMessage(playerid, COLOR_GREY, data); // Testing
        }

Can somebody tell me what im doing wrong? Im trying to complete my mail system. Therefore i need to load the mails the user received from a database. The query seems to work, at least phpmyadmin outputs the correct rows...
which seems correct. Instead of using SendClientMessage i plan to use sscanf to split the string, but first i need to get the mysql part to work. So is there anybody who can tell me, what im doing wrong?

EDIT: The Server just doesnt output anything, so the while loop isnt called at all

EDIT2: Found the mistake, my sql string was to short. But now it only outputs one message, altough there are two rows in my sql database. It also outputs 2 rows in phpmyadmin with the same sql command. What am i doing wrong now?

EDIT3: If i use mysql_num_rows it outputs 2, which is correct. So why does the while loop only run once.

[Hellman92]

Good work

[AndreT]

@leuser:
That's not the correct way to use mysql_retrieve_row. Both functions increment the internal index by one.

You need to do something like this:

pawn Код:

if(mysql_fetch_row_format(data, "|"))
{
    SendClientMessage(playerid, COLOR_GREY, data);
}

[suele]

root@server:~/compile/mysql_rel# make
gcc -c -O3 -w -DLINUX -Wall -I../SDK/amx/ ../SDK/amx/*.c
g++ -c -O3 -w -DLINUX -Wall -I../SDK/amx/ ../SDK/*.cpp
g++ -c -O3 -w -DLINUX -Wall -I../SDK/amx/ main.cpp
g++ -c -O3 -w -DLINUX -Wall -I../SDK/amx/ source/*.cpp
g++ -O2 -fshort-wchar -shared -o "../mysql.so" *.o -L/usr/lib/mysql -lmysqlclient_r -lpthread
/usr/bin/ld: CAmxString.o: relocation R_X86_64_32 against `.bss' can not be used when making a shared object; recompile with -fPIC
CAmxString.o: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [all] Error 1

Can samone help to fix it`?

[LeNy]

Nice plugin, BlueG

Thx

[TheLazySloth]

Cool, but the mysql_connect(host, user, database, password) is not returning correctly...

The error message I made is not showing up even though I closed mysql... It keeps saying successful no matter what.

My Code:

pawn Код:

if(!mysql_connect(MySQL_Host, MySQL_User, MySQL_Database, MySQL_Password)) {
        print("[Server]: Couldn't connect to the MySQL database!");
        print("[Server]: MySQL Information:");
        printf("[Server]: Host: %s", MySQL_Host);
        printf("[Server]: User: %s", MySQL_User);
        printf("[Server]: Password: %s", MySQL_Password);
        printf("[Server]: Database: %s", MySQL_Database);
        print("[Server]: This information provided is most likely incorrect, please fix it.");
        print("//==========================================================================");
        SendRconCommand("exit");
    } else {
        print("[Server]: Connection to the MySQL database successful!");
    }

server_log.txt

Код:

----------
Loaded log file: "server_log.txt".
----------

SA-MP Dedicated Server
----------------------
v0.3c R5, ©2005-2011 SA-MP Team

[14:37:46] filterscripts = ""  (string)
[14:37:46] 
[14:37:46] Server Plugins
[14:37:46] --------------
[14:37:46]  Loading plugin: mysql
[14:37:46] 

  > MySQL plugin R6-2 successfully loaded.

[14:37:46]   Loaded.
[14:37:46]  Loading plugin: sscanf
[14:37:46] 

[14:37:46]  ===============================

[14:37:46]       sscanf plugin loaded.     

[14:37:46]    © 2009 Alex "Y_Less" Cole

[14:37:46]  ===============================

[14:37:46]   Loaded.
[14:37:46]  Loading plugin: streamer
[14:37:46] 

*** Streamer Plugin v2.5.2 by Incognito loaded ***

[14:37:46]   Loaded.
[14:37:46]  Loaded 3 plugins.

[14:37:46] 
[14:37:46] Filter Scripts
[14:37:46] ---------------
[14:37:46]   Loaded 0 filter scripts.

[14:37:46] //--------------------------------------------------------------------------
[14:37:47] [Server]: Connection to the MySQL database successful!
[14:37:47] //==========================================================================
[14:37:47] Number of vehicle models: 0

debug.txt

Код:

[14:37:46] MySQL Debugging activated (11/10/11)

[14:37:46] ---------------------------

[14:37:46]  

[14:37:46] >> mysql_connect( )

[14:37:46] CMySQLHandler::CMySQLHandler() - constructor called.

[14:37:46] CMySQLHandler::CMySQLHandler() - Connecting to "localhost" | DB: "server" | Username: "TheLazySloth" ...

[14:37:47] CMySQLHandler::Connect() - Can't connect to MySQL server on 'localhost' (10061) (Error ID: 2003)

[ikkentim]

I heared that there is a bug where mysql_query can get stuck on a query cousing timeouts, the fix i heared was mysql_query_callback. Is this true? Thanks

[whitedragon]

Quote:

Originally Posted by suele root@server:~/compile/mysql_rel# make gcc -c -O3 -w -DLINUX -Wall -I../SDK/amx/ ../SDK/amx/*.c g++ -c -O3 -w -DLINUX -Wall -I../SDK/amx/ ../SDK/*.cpp g++ -c -O3 -w -DLINUX -Wall -I../SDK/amx/ main.cpp g++ -c -O3 -w -DLINUX -Wall -I../SDK/amx/ source/*.cpp g++ -O2 -fshort-wchar -shared -o "../mysql.so" *.o -L/usr/lib/mysql -lmysqlclient_r -lpthread /usr/bin/ld: CAmxString.o: relocation R_X86_64_32 against `.bss' can not be used when making a shared object; recompile with -fPIC CAmxString.o: could not read symbols: Bad value collect2: ld returned 1 exit status make: *** [all] Error 1 Can samone help to fix it`?

Don't make it in 64 Bit system you will get error. 32 bit it works fine.

Quote:

Originally Posted by TheLazySloth Cool, but the mysql_connect(host, user, database, password) is not returning correctly... pawn Код: if(!mysql_connect(MySQL_Host, MySQL_User, MySQL_Database, MySQL_Password))     {         print("[Server]: Couldn't connect to the MySQL database!");         print("[Server]: MySQL Information:");         printf("[Server]: Host: %s", MySQL_Host);         printf("[Server]: User: %s", MySQL_User);         printf("[Server]: Password: %s", MySQL_Password);         printf("[Server]: Database: %s", MySQL_Database);         print("[Server]: This information provided is most likely incorrect, please fix it.");         print("//==========================================================================");         SendRconCommand("exit");     } else {         print("[Server]: Connection to the MySQL database successful!");     } The error message I made is not showing up even though I closed mysql... It keeps saying successful no matter what. debug.txt Код: [14:37:46] MySQL Debugging activated (11/10/11) [14:37:46] --------------------------- [14:37:46] [14:37:46] >> mysql_connect( ) [14:37:46] CMySQLHandler::CMySQLHandler() - constructor called. [14:37:46] CMySQLHandler::CMySQLHandler() - Connecting to "localhost" | DB: "server" | Username: "TheLazySloth" ... [14:37:47] CMySQLHandler::Connect() - Can't connect to MySQL server on 'localhost' (10061) (Error ID: 2003) Seems to be working.

The mysql_connect() give you Mysql connection handle - it won't give you never negative value or 0 you have to check

pawn Код:

if(mysql.ping() == 1)

mysql_connect(); is not for checking if mysql success. It's not PHP or like that

[TheLazySloth]

Thank you.

[robanswe]

Quote:

Originally Posted by ikkentim I heared that there is a bug where mysql_query can get stuck on a query cousing timeouts, the fix i heared was mysql_query_callback. Is this true? Thanks

It's not an bug... Sa-mp is single thread so it can only do one thing at the time... So if mysql_query takes 20ms to execute it will stop the server for 20ms. The time it takes for mysql_query to execute depends on the mysql servers load and the ping to the mysql server. But yes using mysql_query_callback would fix that problem.