Database Number of arg

Started by CopyPaste, Jul 16, 2015, 05:08 PM

Previous topic - Next topic

CopyPaste

Error in mysql_query wrong number of arguments
sqliteDB <- mysql_connect( "localhost", "root", "fenkyou", "notwork" );  // on scriptload

if( cmd == "saveloc" ){

sqliteDB <- mysql_query( sqliteDB, "INSERT INTO Gotoloc (Name, x, y, z, Creator)  VALUES('" + text + "', '" + player.Pos.x + "', '" + player.Pos.y + "', '" + player.Pos.z + "', '" + player.Name + "'" );

}


I type /saveloc mansion im getting error

.

If that error doesn't tell what's wrong then I don't know what will. But your username does tell a lot about you.
.

Thijn

You're overwriting your database pointer. You don't want that. If it's a query that you don't care the output from (So insert/update/delete etc.) just do mysql_query without saving it anywhere.

CopyPaste

Thanks Thijn ,  it is working now but it is not saving in database

This is my database
CREATE TABLE Gotoloc( Name VARCHAR(32), x INT, y INT, z INT, Creator VARCHAR(25) )


DizzasTeR

He already told you, if you are not taking any data from a query, you don't need to assign it variables ( specially global... ) and just execute the query like so

mysql_query( sqliteDB, "INSERT INTO Gotoloc (Name, x, y, z, Creator)  VALUES('" + escapeSQLString( text ) + "', '" + player.Pos.x + "', '" + player.Pos.y + "', '" + player.Pos.z + "', '" + player.Name + "'" );

You also didn't escape the SQL string, Get used to it or someone like finch will most probably screw your server up.

Thijn

Quote from: Doom_Killer on Jul 16, 2015, 05:40 PMsomeone like finch will most probably screw your server up.
Lol, he's way too stupid for that.

FarisDon

FinchDon similar to FarisDon so many people on vccnr call me finch and then i need to explain them thats the reason to change my precious nick to Axel -,-

CopyPaste

#7
Doom Killer i already removed that
mysql_query( sqliteDB, "INSERT INTO Gotoloc (Name, x, y, z, Creator)  VALUES('" + text + "', '" + player.Pos.x + "', '" + player.Pos.y + "', '" + player.Pos.z + "', '" + player.Name + "'" );
// Ok i will use yours for security purpose

mysql_query( sqliteDB, "INSERT INTO Gotoloc (Name, x, y, z, Creator)  VALUES('" + escapeSQLString( text ) + "', '" + player.Pos.x + "', '" + player.Pos.y + "', '" + player.Pos.z + "', '" + player.Name + "'" );

now it works i did a mistake at last  + player.Name + "')"

CopyPaste

#8
          local q =  ::mysql_query( sqliteDB, "SELECT x, y, z, Creator FROM Gotoloc WHERE Name = '"+ escapeSQLString( text ) +"'" );

          if (mysql_num_fields(q,0) != null)
          {
                local x = mysql_num_fields(q,0), y = mysql_num_fields(q,1), z = mysql_num_fields(q,2), Creator = mysql_num_fields(q,3);
player.Pos = Vector( x, y, z );
          }

when i type /gotoloc savedloc  im going to golf area and


    mysql_query( sqliteDB, "INSERT INTO Gotoloc (Name, x, y, z, Creator)  VALUES('" + escapeSQLString( text ) + "', '" + player.Pos.x.tofloat() + "', '" + player.Pos.y.tofloat() + "', '" + player.Pos.z.tofloat() + "', '" + player.Name + "')" );    why don't float work here

Thijn

Because you tell your database it's an int. If you want to save x,y and z as floats you have to tell the database you're gonna do that. So change the type of your xyz columns to floats.

CopyPaste

Thanks XD its working but why goto loc not working
local q =  ::mysql_query( sqliteDB, "SELECT x, y, z, Creator FROM Gotoloc WHERE Name = '"+ escapeSQLString( text ) +"'" );
 
          if (mysql_num_fields(q,0) != null)
          {
                local x = mysql_num_fields(q,0).tofloat(), y = mysql_num_fields(q,1).tofloat(), z = mysql_num_fields(q,2).tofloat(), Creator = mysql_num_fields(q,3);
player.Pos = Vector( x.tofloat(), y.tofloat(), z.tofloat() );
MessagePlayer( "Syntax Error! You teleported to "+ escapeSQLString( text ) +" "+ x.tofloat" "y.tofloat()""z.tofloat()"", player );
          }

EK.IceFlake

Quote from: Doom_Killer on Jul 16, 2015, 05:40 PMYou also didn't escape the SQL string
Exactly what I told you... I still know of a few servers which are vulnerable to SQL injection (in fact, every server that I have made)

DizzasTeR

You don't need to use.tofloat from the x, y, z data you get since its already float. Same goes for setting thr position, don't use .tofloat with them since they are floats.

CopyPaste

Doom , with float and without float  when i type /gotoloc im going to gulf area no matter what loc i type i will go to gulf

Mashreq

Try using this one:
local q =  ::mysql_query( sqliteDB, "SELECT x, y, z, Creator FROM Gotoloc WHERE Name = '"+ escapeSQLString( text ) +"'" );
 
          if (mysql_num_fields(q,0) != null)
          {
                local x = mysql_num_fields(q,0), y = mysql_num_fields(q,1) z = mysql_num_fields(q,2), Creator = mysql_num_fields(q,3);
    player.Pos = Vector( x.tofloat(), y.tofloat(), z.tofloat() );
    MessagePlayer( "Syntax Error! You teleported to "+ escapeSQLString( text ) +" "+ x.tofloat" "y.tofloat()""z.tofloat()"", player );
          }
I dont know much about Mysql.