PDA

View Full Version : Saving into sqlite.


Unri
27/09/2013, 07:19 PM
Hello, i just want to save one value into db with SQLite, but i dont know how to write the save command. Its reading them fine, if that makes a difference. :S

This is what i tried.
stock SaveFactoryDB()
{
new query[512];
format(query, sizeof(query), "UPDATE `Factory` SET `fMineral` = '%s', WHERE `ffid` = '1'", FactoryInfo[1][fMineral]);
db_query(FactoryDB, query);
return 0;
}

Dragonsaurus
27/09/2013, 07:24 PM
If you are using zcmd:CMD:savefactory(playerid, params[])
{
SaveFactoryDB();
return 1;
}

Konstantinos
27/09/2013, 07:25 PM
That query won't be executed correctly because of the error in the syntax. It also can be improved a little bit and the most important - use DB_Escape to prevent SQL Injection.

new
query[ 48 + /* fMineral's max size */ ]
;
format( query, sizeof( query ), "UPDATE Factory SET fMineral = '%s' WHERE ffid = 1", DB_Escape( FactoryInfo[ 1 ][ fMineral ] ) );


stock DB_Escape(text[])
{
new
ret[80 * 2],
ch,
i,
j;
while ((ch = text[i++]) && j < sizeof (ret))
{
if (ch == '\'')
{
if (j < sizeof (ret) - 2)
{
ret[j++] = '\'';
ret[j++] = '\'';
}
}
else if (j < sizeof (ret))
{
ret[j++] = ch;
}
else
{
j++;
}
}
ret[sizeof (ret) - 1] = '\0';
return ret;
}

Pottus
27/09/2013, 07:26 PM
Ya you fucked up your query here....

Should be:

format(query, sizeof(query), "UPDATE `Factory` SET `fMineral` = '%s' WHERE `ffid` = '1'", FactoryInfo[1][fMineral]);

And of course as Konstantinos said use DB_escape() you may not always need to use it only when there is actual input but it's typically good practice to use it anytime your dealing with strings.

Unri
27/09/2013, 08:16 PM
Its working now, but when it gets saved back into db, it gets saved as some question mark or a letter sometimes. No idea where the problem is now. It gets read as a number, used as a number and saved as some symbol? wtf

Pottus
27/09/2013, 08:20 PM
lol looks like your trying to save integer as a string use this...

format(query, sizeof(query), "UPDATE `Factory` SET `fMineral` = '%i' WHERE `ffid` = '1'", FactoryInfo[1][fMineral]);

You won't need DB_Escape()

Unri
27/09/2013, 08:28 PM
I love you. Finally, after 3 days of staring at the screen, i can proceed at that annoying gm im making..