Vice City: Multiplayer

Server Development => Scripting and Server Management => Topic started by: Cena on Jun 17, 2016, 10:12 AM

Title: Database
Post by: Cena on Jun 17, 2016, 10:12 AM
My db isn't saving. I tried many things:
QuerySQL( sqliteDB, "UPDATE Accounts SET Cash='" + Cash + "', Bank='" + Bank + "', Kills='" + Kills + "', Deaths='" + Deaths + "', Level='" + Level + "', LastUsedIP='" + LastUsedIP + "' WHERE Name='" + player.Name + "' AND NameLower='" + player.Name.tolower() + "'" );

Also tried this in a function and in onPlayerPart but still not working :( . I tried to execute this in the db and it is working there, but in the script it is not working.... plz help
Title: Re: Database
Post by: . on Jun 17, 2016, 10:16 AM
Christ man. Who dafuq uses that many concatenations. Why can't you use functions like format() to make the query. Easier to spot the syntax errors.

Besides, the official plugin does not report query errors. Which means you must manually execute the query in a program that can locate the error or use an alternate (http://forum.vc-mp.org/?topic=420.0) SQLite plugin.

Either way. No one has the patience and time to look through all that crap to find your missing quote or comma. You dig this hole yourself. Now you get out of it.

Integers in quotes? Who does that. (thankfully sqlite does implicit conversions).

QuerySQL(sqliteDB,
    format(@"UPDATE [Accounts] SET
        [Cash]=%i,
        [Bank]=%i,
        [Kills]=%i,
        [Deaths]=%i,
        [Level]=%i,
        [LastUsedIP]='%s'
        WHERE [Name]='%s' AND [NameLower]='%s';",
        Cash,
        Bank,
        Kills,
        Deaths,
        Level,
        LastUsedIP,
        player.Name,
        player.Name.tolower()
    )
);
Title: Re: Database
Post by: ysc3839 on Jun 17, 2016, 10:26 AM
Quote from: . on Jun 17, 2016, 10:16 AM
Christ man. Who dafuq uses that many concatenations. Why can't you use functions like format() to make the query. Easier to spot the syntax errors.

Besides, the official plugin does not report query errors. Which means you must manually execute the query in a program that can locate the error or use an alternate (http://forum.vc-mp.org/?topic=420.0) SQLite plugin.

Either way. No one has the patience and time to look through all that crap to find your missing quote or comma. You dig this hole yourself. Now you get out of it.

Integers in quotes? Who does that. (thankfully sqlite does implicit conversions).

QuerySQL(sqliteDB,
    format(@"UPDATE [Accounts] SET
        [Cash]=%i,
        [Bank]=%i,
        [Kills]=%i,
        [Deaths]=%i,
        [Level]=%i,
        [LastUsedIP]='%s'
        WHERE [Name]='%s' AND [NameLower]='%s';",
        Cash,
        Bank,
        Kills,
        Deaths,
        Level,
        LastUsedIP,
        player.Name,
        player.Name.tolower()
    )
);
I suggest using SQL bind, which can prevent SQL injection.
Title: Re: Database
Post by: . on Jun 17, 2016, 10:40 AM
Quote from: ysc3839 on Jun 17, 2016, 10:26 AM
I suggest using SQL bind, which can prevent SQL injection.

That's what I use, but unfortunately neither SQLite plugin has that functionality :D
Title: Re: Database
Post by: vito on Jun 17, 2016, 01:16 PM
Good point about injections in vc-mp... currently the only way I know is to remove any quote symbols and backslashes.
Title: Re: Database
Post by: KAKAN on Jun 17, 2016, 01:41 PM
Quote from: vito on Jun 17, 2016, 01:16 PM
Good point about injections in vc-mp... currently the only way I know is to remove any quote symbols and backslashes.
escapeSQLString. Though, I believe you don't need this for an average VCMP player. They will just play, they don't have an intention to hax :D
Title: Re: Database
Post by: ysc3839 on Jun 17, 2016, 02:14 PM
Quote from: KAKAN on Jun 17, 2016, 01:41 PM
Quote from: vito on Jun 17, 2016, 01:16 PM
Good point about injections in vc-mp... currently the only way I know is to remove any quote symbols and backslashes.
escapeSQLString. Though, I believe you don't need this for an average VCMP player. They will just play, they don't have an intention to hax :D
escapeSQLString is OK. But SQL bind is more convenient.
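
Added example, not code from any poster in this thread: a side-by-side run of the three approaches discussed above (format()-style string building, quote escaping, and bound parameters). It uses Python's sqlite3 module rather than the VC:MP plugin; the table rows, the player names and the update_* / compare helpers are constructed for illustration, and plain quote doubling stands in for an escape function.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the thread's Accounts table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Accounts (Name TEXT, NameLower TEXT, Cash INTEGER)")
    conn.executemany(
        "INSERT INTO Accounts VALUES (?, ?, 0)",
        [("Alice", "alice"), ("Bob", "bob"), ("O'Neil", "o'neil")],
    )
    return conn

def update_formatted(conn, name, cash):
    """format()-style: the name is pasted into the SQL text as-is."""
    sql = "UPDATE Accounts SET Cash=%d WHERE Name='%s' AND NameLower='%s';" % (
        cash, name, name.lower())
    return conn.execute(sql).rowcount

def update_escaped(conn, name, cash):
    """Same text building, but every ' in the value is doubled first."""
    safe = name.replace("'", "''")
    sql = "UPDATE Accounts SET Cash=%d WHERE Name='%s' AND NameLower='%s';" % (
        cash, safe, safe.lower())
    return conn.execute(sql).rowcount

def update_bound(conn, name, cash):
    """Bound parameters: values never become part of the SQL text."""
    return conn.execute(
        "UPDATE Accounts SET Cash=? WHERE Name=? AND NameLower=?",
        (cash, name, name.lower()),
    ).rowcount

def compare(name):
    """Rows changed by each variant, or the error name, on a fresh database."""
    results = {}
    for fn in (update_formatted, update_escaped, update_bound):
        conn = make_db()
        try:
            results[fn.__name__] = fn(conn, name, 500)
        except sqlite3.Error as exc:
            results[fn.__name__] = type(exc).__name__
    return results

if __name__ == "__main__":
    for name in ("Alice", "O'Neil", "x' OR '1'='1"):  # constructed names
        print(repr(name), compare(name))
```

With the formatted variant, an ordinary apostrophe in a name turns the statement into a syntax error (which a plugin that does not report query errors would hide), and a name carrying its own quote changes which rows the WHERE clause matches; the escaped and bound variants treat both names as plain data.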
Title: Re: Database
Post by: KAKAN on Jun 17, 2016, 04:15 PM
Quote from: ysc3839 on Jun 17, 2016, 02:14 PM
Quote from: KAKAN on Jun 17, 2016, 01:41 PM
Quote from: vito on Jun 17, 2016, 01:16 PM
Good point about injections in vc-mp... currently the only way I know is to remove any quote symbols and backslashes.
escapeSQLString. Though, I believe you don't need this for an average VCMP player. They will just play, they don't have an intention to hax :D
escapeSQLString is OK. But SQL bind is more convenient.
I don't even think that SQL Bind is needed for VCMP( unless SLC plays )
Title: Re: Database
Post by: ysc3839 on Jun 17, 2016, 04:25 PM
Quote from: KAKAN on Jun 17, 2016, 04:15 PM
Quote from: ysc3839 on Jun 17, 2016, 02:14 PM
Quote from: KAKAN on Jun 17, 2016, 01:41 PM
Quote from: vito on Jun 17, 2016, 01:16 PM
Good point about injections in vc-mp... currently the only way I know is to remove any quote symbols and backslashes.
escapeSQLString. Though, I believe you don't need this for an average VCMP player. They will just play, they don't have an intention to hax :D
escapeSQLString is OK. But SQL bind is more convenient.
I don't even think that SQL Bind is needed for VCMP( unless SLC plays )
I disagree. :(
Title: Re: Database
Post by: EK.IceFlake on Jun 18, 2016, 06:56 AM
Well...
I was playing on my server and it was a fresh install so I had to make me admin... I didn't want SQLite browser so I tried injecting the code... didn't work :(
I typed: /saveloc '; update players set level=24 where lower(name)='ext-d.crysta;blue';--
no luck :(
I didn't have any SQLite injection protection
Title: Re: Database
Post by: ysc3839 on Jun 18, 2016, 07:25 AM
Quote from: ext-d.CrystalBlue on Jun 18, 2016, 06:56 AM
Well...
I was playing on my server and it was a fresh install so I had to make me admin... I didn't want SQLite browser so I tried injecting the code... didn't work :(
I typed: /saveloc '; update players set level=24 where lower(name)='ext-d.crysta;blue';--
no luck :(
I didn't have any SQLite injection protection
Show your /saveloc code.
Title: Re: Database
Post by: Thijn on Jun 18, 2016, 11:04 AM
And show your database structure.