SA-MP Forums

Old 29/09/2012, 10:53 PM   #101
AndreT
Gangsta
 
 
Join Date: Jul 2011
Posts: 966
Reputation: 414
Default Re: Using BlueG's MySQL plugin R7 (with cache)

I'm glad you fixed the issue.

What I meant by vulnerable to SQL injections is this textbook example: when a player inserts a single quote (') as their password, the query will look like:
SELECT * FROM players WHERE name = 'Andre' and pass = '''
(3 single quotes at the end).
This will just break the query, but think what would happen if the user entered "lol'; DROP TABLE players;" as their password. Poof, whole table with all infos = gone.

Use mysql_real_escape_string to avoid it (or try using mysql_format, see if you can without crashing).

Also, 100 posts.
AndreT is offline   Reply With Quote
Old 03/10/2012, 09:08 PM   #102
Richie©
Banned
 
Join Date: Feb 2012
Location: Norway
Posts: 368
Reputation: 53
Default Re: Using BlueG's MySQL plugin R7 (with cache)

Thanks for the good tutorial!
I succeeded in converting my cmds from normal threaded queries to cache, but I'm stuck on this, where the server is supposed to load all vehicles. How to make this with cache?
Note: 'mysql_cquery' is a macro, so nvm that, it's enabled cache.
pawn Code:
mysql_cquery("SELECT * FROM `vehicles`", THREAD_INITIATE_PUBVEHICLES);

while(mysql_fetch_row(Str))
{
    sscanf(Str, "p<|>iiffff", vehicleid, dModel, VX, VY, VZ, VA);
    //rest of code, irrelevant to cache.
}
Richie© is offline   Reply With Quote
Old 04/10/2012, 05:00 AM   #103
ReneG
High-roller
 
Join Date: Oct 2011
Location: Sublime Text 2
Posts: 1,906
Reputation: 337
Default Re: Using BlueG's MySQL plugin R7 (with cache)

Quote:
Originally Posted by Richie© View Post
Thanks for the good tutorial!
I succeeded in converting my cmds from normal threaded queries to cache, but I'm stuck on this, where the server is supposed to load all vehicles. How to make this with cache?
Note: 'mysql_cquery' is a macro, so nvm that, it's enabled cache.
pawn Code:
mysql_cquery("SELECT * FROM `vehicles`", THREAD_INITIATE_PUBVEHICLES);

while(mysql_fetch_row(Str))
{
    sscanf(Str, "p<|>iiffff", vehicleid, dModel, VX, VY, VZ, VA);
    //rest of code, irrelevant to cache.
}
You need to specify a callback. This should work provided your field names match or w/e
pawn Code:
enum vInfo
{
    vid,
    Float:vPos[4],
    vmodel,
    vcolor1,
    vcolor2
}

new gVehicles[MAX_VEHICLES][vInfo];

stock LoadVehicles()
{
    return mysql_function_query(1, "SELECT * FROM `vehicles`", true, "OnVehicleLoad", "");
}

forward OnVehicleLoad();
public OnVehicleLoad()
{
    new rows, fields, content[40];
    cache_get_data(rows, fields);

    new i;
    for(i=0; i<rows && i<MAX_VEHICLES; i++) { // stop at the array bound so extra rows cannot overflow gVehicles
        cache_get_field_content(i, "vX", content),          gVehicles[i][vPos][0] = floatstr(content),
        cache_get_field_content(i, "vY", content),          gVehicles[i][vPos][1] = floatstr(content),
        cache_get_field_content(i, "vZ", content),          gVehicles[i][vPos][2] = floatstr(content),
        cache_get_field_content(i, "vA", content),          gVehicles[i][vPos][3] = floatstr(content),
        cache_get_field_content(i, "vModel", content),      gVehicles[i][vmodel] = strval(content),
        cache_get_field_content(i, "vcolor1", content),     gVehicles[i][vcolor1] = strval(content),
        cache_get_field_content(i, "vcolor2", content),     gVehicles[i][vcolor2] = strval(content);
       
        gVehicles[i][vid] = CreateVehicle(...); // fill with variables fetched above
    }
   
    printf("%d vehicles loaded from database.", i);
   
    return 1;
}
ReneG is offline   Reply With Quote
Old 04/10/2012, 08:54 PM   #104
Richie©
Banned
 
Join Date: Feb 2012
Location: Norway
Posts: 368
Reputation: 53
Default Re: Using BlueG's MySQL plugin R7 (with cache)

Thanks Vincent!
Richie© is offline   Reply With Quote
Old 12/10/2012, 03:56 PM   #105
ScriptWriter
Little Clucker
 
Join Date: Dec 2011
Posts: 41
Reputation: 0
Default Re: Using BlueG's MySQL plugin R7 (with cache)

I have this query.
Code:
SELECT * FROM `players` WHERE `Name` = '%s' AND `Password` = '%s'
So how do I load player data from the database using cache_get_row?

Sorry for bad English. :/
ScriptWriter is offline   Reply With Quote
Old 13/10/2012, 12:58 PM   #106
AndreT
Gangsta
 
 
Join Date: Jul 2011
Posts: 966
Reputation: 414
Default Re: Using BlueG's MySQL plugin R7 (with cache)

Follow the tutorial, as simple as that.

1. Format the query. Keep in mind that any user input should be escaped prior to querying. In your case, escape the password (either use mysql_format with the %e specifier or mysql_real_escape_string prior to format). I suggest adding a LIMIT clause to your query.
2. Execute it using mysql_function_query, specify a callback that will be fired when the query finishes. Also pass on the player ID to the callback.
pawn Code:
mysql_function_query(dbHandle, query, true, "OnUserDataLoad", "i", playerid);
3. Jump out of your current function and create a new callback.
pawn Code:
forward OnUserDataLoad(playerid);
public OnUserDataLoad(playerid)
{
    // This callback is fired once the query is finished!
}
4. See if the query returned any rows.
pawn Code:
// In the new callback
new rows, fields;
cache_get_data(rows, fields);
if(rows)
{
    // The query returned a row!
}
else
{
    // The query returned nothing!
}
5. Grab the data returned by the query. I suggest you read this post.
pawn Code:
if(rows)
{
    new temp[64];
    cache_get_row(0, 0, temp);
    printf("First field data: %s", temp);
    cache_get_row(0, 1, temp);
    printf("Second field data: %s", temp);
    cache_get_row(0, 7, temp);
    printf("Eighth field data: %s", temp);
}

Good luck.
AndreT is offline   Reply With Quote
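
The five steps from post #106, combined with the escaping advice from post #101, put together as one added example (not code from the thread or from the plugin's author). It assumes the R7 native signatures as they are used in the posts above, a connection handle `dbHandle`, a hypothetical `LoginPlayer` function, and a `players` table with `Name`, `Password` and `Score` columns.

```pawn
// Added example, not from the thread. Assumed/hypothetical names: dbHandle,
// LoginPlayer, and the `Score` column of the `players` table.
#include <a_samp>
#include <a_mysql>

new dbHandle; // assumed to be set from mysql_connect() in OnGameModeInit

stock LoginPlayer(playerid, const password[])
{
    new name[MAX_PLAYER_NAME], query[512];
    GetPlayerName(playerid, name, sizeof(name));

    // Step 1: %e escapes each argument, so a password such as ' stays inside
    // the quoted string literal instead of terminating it. LIMIT 1 as advised.
    mysql_format(dbHandle, query,
        "SELECT `Name`, `Password`, `Score` FROM `players` WHERE `Name` = '%e' AND `Password` = '%e' LIMIT 1",
        name, password);

    // Step 2: threaded query with cache enabled; playerid goes to the callback.
    return mysql_function_query(dbHandle, query, true, "OnUserDataLoad", "i", playerid);
}

// Step 3: the callback fired when the query finishes.
forward OnUserDataLoad(playerid);
public OnUserDataLoad(playerid)
{
    if(!IsPlayerConnected(playerid)) return 1; // player left while the query ran

    // Step 4: did the query return a row?
    new rows, fields;
    cache_get_data(rows, fields, dbHandle);
    if(!rows)
    {
        // No match: unknown name or wrong password.
        SendClientMessage(playerid, 0xFF0000FF, "Login failed.");
        return 1;
    }

    // Step 5: field indexes follow the SELECT list:
    // 0 = Name, 1 = Password, 2 = Score.
    new temp[64];
    cache_get_row(0, 2, temp, dbHandle);
    SetPlayerScore(playerid, strval(temp));
    return 1;
}
```

Listing the columns explicitly instead of using `*` keeps the indexes passed to cache_get_row fixed even if columns are later added to the table.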
Old 13/10/2012, 01:03 PM   #107
ScriptWriter
Little Clucker
 
Join Date: Dec 2011
Posts: 41
Reputation: 0
Default Re: Using BlueG's MySQL plugin R7 (with cache)

Thanks, AndreT. But when I'm using "*", must I load fields starting with index 0, or can I start loading fields from index 4? Maybe you understand me.
Sorry for bad English. :/
ScriptWriter is offline   Reply With Quote
Old 13/10/2012, 01:05 PM   #108
AndreT
Gangsta
 
 
Join Date: Jul 2011
Posts: 966
Reputation: 414
Default Re: Using BlueG's MySQL plugin R7 (with cache)

Since you are selecting all fields, which in some cases is not the recommended procedure as the output could probably be reduced and so on, I don't know how many fields your query returns, hence I could not give a valid range of cache_get_row(0, 0-x, temp) lines.

If your query returns at least 5 rows, you can use index 4, sure.
AndreT is offline   Reply With Quote
Old 13/10/2012, 01:15 PM   #109
ScriptWriter
Little Clucker
 
Join Date: Dec 2011
Posts: 41
Reputation: 0
Default Re: Using BlueG's MySQL plugin R7 (with cache)

My query returns about 18 fields, so can I start returning fields with, for example, index 4?
ScriptWriter is offline   Reply With Quote
Old 13/10/2012, 02:33 PM   #110
AndreT
Gangsta
 
 
Join Date: Jul 2011
Posts: 966
Reputation: 414
Default Re: Using BlueG's MySQL plugin R7 (with cache)

If your query returns 18 fields, your field indexes go from 0 to 17.

If the fields returned are, for example:
name, password, score, autotune_setting, kills, deaths
Then their indexes will respectively be:
0, 1, 2, 3, 4, 5

name | password | score | autotune_setting | kills | deaths
0    | 1        | 2     | 3                | 4     | 5
AndreT is offline   Reply With Quote