Database Number of arg

CopyPaste · Jul 16, 2015, 05:08 PM

Error in mysql_query wrong number of arguments

 sqliteDB <- mysql_connect( "localhost", "root", "fenkyou", "notwork" );  // on scriptload

 if( cmd == "saveloc" ){
  
 sqliteDB <- mysql_query( sqliteDB, "INSERT INTO Gotoloc (Name, x, y, z, Creator)  VALUES('" + text + "', '" + player.Pos.x + "', '" + player.Pos.y + "', '" + player.Pos.z + "', '" + player.Name + "'" ); 
   
 }

I type /saveloc mansion im getting error

. · Jul 16, 2015, 05:10 PM

If that error doesn't tell what's wrong then I don't know what will. But your username does tell a lot about you.

Thijn · Jul 16, 2015, 05:10 PM

You're overwriting your database pointer. You don't want that. If it's a query that you don't care the output from (So insert/update/delete etc.) just do mysql_query without saving it anywhere.

CopyPaste · Jul 16, 2015, 05:26 PM

Thanks Thijn , it is working now but it is not saving in database

This is my database
CREATE TABLE Gotoloc( Name VARCHAR(32), x INT, y INT, z INT, Creator VARCHAR(25) )

DizzasTeR · Jul 16, 2015, 05:40 PM

He already told you, if you are not taking any data from a query, you don't need to assign it variables ( specially global... ) and just execute the query like so

Code Select

mysql_query( sqliteDB, "INSERT INTO Gotoloc (Name, x, y, z, Creator)  VALUES('" + escapeSQLString( text ) + "', '" + player.Pos.x + "', '" + player.Pos.y + "', '" + player.Pos.z + "', '" + player.Name + "'" );

You also didn't escape the SQL string, Get used to it or someone like finch will most probably screw your server up.

Thijn · Jul 16, 2015, 06:02 PM

Quote from: Doom_Killer on Jul 16, 2015, 05:40 PMsomeone like finch will most probably screw your server up.

Lol, he's way too stupid for that.

FarisDon · Jul 16, 2015, 09:31 PM

FinchDon similar to FarisDon so many people on vccnr call me finch and then i need to explain them thats the reason to change my precious nick to Axel -,-

CopyPaste · Jul 17, 2015, 02:36 AM

Doom Killer i already removed that

Code Select

 mysql_query( sqliteDB, "INSERT INTO Gotoloc (Name, x, y, z, Creator)  VALUES('" + text + "', '" + player.Pos.x + "', '" + player.Pos.y + "', '" + player.Pos.z + "', '" + player.Name + "'" ); 
// Ok i will use yours for security purpose

 mysql_query( sqliteDB, "INSERT INTO Gotoloc (Name, x, y, z, Creator)  VALUES('" + escapeSQLString( text ) + "', '" + player.Pos.x + "', '" + player.Pos.y + "', '" + player.Pos.z + "', '" + player.Name + "'" );

now it works i did a mistake at last + player.Name + "')"

CopyPaste · Jul 17, 2015, 03:46 AM

Code Select

            local q =  ::mysql_query( sqliteDB, "SELECT x, y, z, Creator FROM Gotoloc WHERE Name = '"+ escapeSQLString( text ) +"'" );
  
          if (mysql_num_fields(q,0) != null)
          {
                local x = mysql_num_fields(q,0), y = mysql_num_fields(q,1), z = mysql_num_fields(q,2), Creator = mysql_num_fields(q,3);
    player.Pos = Vector( x, y, z );
          }

when i type /gotoloc savedloc im going to golf area and

Code Select

 mysql_query( sqliteDB, "INSERT INTO Gotoloc (Name, x, y, z, Creator)  VALUES('" + escapeSQLString( text ) + "', '" + player.Pos.x.tofloat() + "', '" + player.Pos.y.tofloat() + "', '" + player.Pos.z.tofloat() + "', '" + player.Name + "')" );

why don't float work here

Thijn · Jul 17, 2015, 05:43 AM

Because you tell your database it's an int. If you want to save x,y and z as floats you have to tell the database you're gonna do that. So change the type of your xyz columns to floats.

CopyPaste · Jul 17, 2015, 06:11 AM

Thanks XD its working but why goto loc not working

Code Select

local q =  ::mysql_query( sqliteDB, "SELECT x, y, z, Creator FROM Gotoloc WHERE Name = '"+ escapeSQLString( text ) +"'" );
  
          if (mysql_num_fields(q,0) != null)
          {
                local x = mysql_num_fields(q,0).tofloat(), y = mysql_num_fields(q,1).tofloat(), z = mysql_num_fields(q,2).tofloat(), Creator = mysql_num_fields(q,3);
    player.Pos = Vector( x.tofloat(), y.tofloat(), z.tofloat() );
    MessagePlayer( "Syntax Error! You teleported to "+ escapeSQLString( text ) +" "+ x.tofloat" "y.tofloat()""z.tofloat()"", player );
          }

EK.IceFlake · Jul 17, 2015, 07:14 AM

Quote from: Doom_Killer on Jul 16, 2015, 05:40 PMYou also didn't escape the SQL string

Exactly what I told you... I still know of a few servers which are vulnerable to SQL injection (in fact, every server that I have made)

DizzasTeR · Jul 17, 2015, 07:14 AM

You don't need to use.tofloat from the x, y, z data you get since its already float. Same goes for setting thr position, don't use .tofloat with them since they are floats.

CopyPaste · Jul 17, 2015, 07:20 AM

Doom , with float and without float when i type /gotoloc im going to gulf area no matter what loc i type i will go to gulf

Mashreq · Jul 17, 2015, 07:42 AM

Try using this one:

Code Select

local q =  ::mysql_query( sqliteDB, "SELECT x, y, z, Creator FROM Gotoloc WHERE Name = '"+ escapeSQLString( text ) +"'" );
  
          if (mysql_num_fields(q,0) != null)
          {
                local x = mysql_num_fields(q,0), y = mysql_num_fields(q,1) z = mysql_num_fields(q,2), Creator = mysql_num_fields(q,3);
    player.Pos = Vector( x.tofloat(), y.tofloat(), z.tofloat() );
    MessagePlayer( "Syntax Error! You teleported to "+ escapeSQLString( text ) +" "+ x.tofloat" "y.tofloat()""z.tofloat()"", player );
          }

I dont know much about Mysql.