PDA

View Full Version : Error in sql syntax


DusanInfinity
03/08/2017, 05:22 AM
Log:

[08/02/17 16:27:57] [ERROR] error #1064 while executing query "INSERT INTO `users` (`PlName`, `PassWrd`, `Level`) VALUES ('John', 'passwd\', '1')": You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'' at line 1

It's happening only when player enters "\" in the end of PassWrd only and it insert everything fine except PassWrd - in that field it doesnt insert "\" at the end!

But, when player enter PassWrd like this: "test/test" there is no errors in the log!

Vince
03/08/2017, 05:27 AM
Don't store passwords in plain text and learn to sanitize your user inputs.

https://www.youtube.com/watch?v=8ZtInClXe1Q

ISmokezU
03/08/2017, 05:28 AM
Try using a strfind.

Xeon™
03/08/2017, 09:03 AM
Log:

[08/02/17 16:27:57] [ERROR] error #1064 while executing query "INSERT INTO `users` (`PlName`, `PassWrd`, `Level`) VALUES ('John', 'passwd\', '1')": You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'' at line 1

It's happening only when player enters "\" in the end of PassWrd only and it insert everything fine except PassWrd - in that field it doesnt insert "\" at the end!

But, when player enter PassWrd like this: "test/test" there is no errors in the log!

\ is returning to line on pawno. mean by that uncoding of pawn isn't 'passwd\' as its show.