AlliedModders - Help with MYSQL Leak

AlliedModders (https://forums.alliedmods.net/index.php)

- Scripting (https://forums.alliedmods.net/forumdisplay.php?f=107)

- - Help with MYSQL Leak (https://forums.alliedmods.net/showthread.php?t=274591)

Help with MYSQL Leak

Hey all what are the common problems for data leaking into other players stats for example my plugin im making that stores points will some times give the next player that joins the same points loaded for the first player. Iv rewriten my mysql part of my plugin 3 times now all using different ways to save/load data but it still leaks data. is there a reason for this and can someone explain how i can fix it.

PHP Code:


		
			
public DataLoad(client)

{

    decl String:query[400], String:auth[400];

    GetClientAuthId(client, AuthId_Steam3,auth, sizeof(auth));

    FormatEx(query, sizeof(query), "SELECT * FROM XXXx WHERE steamid = '%s'", auth);

    SQL_TQuery(hDatabase, Store_Load_Data, query, client);

}

public DataSave(client)

{

    if (!IsClientInGame(client))

        return;

    

    decl String:query[400], String:auth[400], String:name[200];

    GetClientName(client, name, sizeof(name));

    GetClientAuthId(client, AuthId_Steam3,auth, sizeof(auth));

    FormatEx(query, sizeof(query), "UPDATE XXXx SET Credits = %d, Name = '%s', Trails = %d, Tags = %d, Tier = %d WHERE steamid = '%s'", Credits[client],name,Trails[client],Tags[client], Tier[client], auth);

    SQL_TQuery(hDatabase, T_Save, query, client);

}

Re: Help with MYSQL Leak

Woops i completely forgot ill add that now.

Re: Help with MYSQL Leak

It looks fine to me. I would use print statements in code when a client joins and disconnects, and trace your code's execution that way.

The only way I can possibly think that this code bugs out, assuming this is the only querying code that exists, is if GetClientAuthString is busted on SM's end and it returns the wrong steam ID somehow. (I vaguely remember this being an actual bug... though I'm not entirely sure.)

Re: Help with MYSQL Leak

Quote:

Originally Posted by Potato Uno (Post 2361915)

The only way I can possibly think that this code bugs out, assuming this is the only querying code that exists, is if GetClientAuthString is busted on SM's end and it returns the wrong steam ID somehow. (I vaguely remember this being an actual bug... though I'm not entirely sure.)

It's not an actual bug in SM, but rather a misuse of the API.

If a client's Steam ID isn't validated yet, and calling GetClientAuthId with validate=true, and the client's ID isn't validated by Steam yet, and not checking for GetClientAuthId returning false (failure), and using decl instead of new (or the transitional syntax), you can have another client's Steam ID (or just garbage) in the buffer, since decl doesn't initialize it to anything.

TL;DR, don't use decl, and check the return of GetClientAuthId (or pass "false" for validate, but ONLY if you know what you're doing and it's safe to do so in your case).

Re: Help with MYSQL Leak

Could you please give me an example on how to validate a steamid? or do i just set GetClientAuthId end argument to true?

Re: Help with MYSQL Leak

Quote:

Originally Posted by shadowdragon (Post 2361950)

Could you please give me an example on how to validate a steamid? or do i just set GetClientAuthId end argument to true?

PHP Code:


		
			
if (GetClientAuthId(client, AuthId_Steam3,auth, sizeof(auth))) {
  /* Do whatever you want with client's data here... */
}

Re: Help with MYSQL Leak

Thanks for that. I have tryed it and allowed up to 30-40 people to use the store database how ever out of the 40 5-10 seem to have duplicated data i dont know why its still leaking data from others.