AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   Scripting Help (https://forums.alliedmods.net/forumdisplay.php?f=11)
-   -   Sql name problem... (https://forums.alliedmods.net/showthread.php?t=189029)

pokemonmaster 07-02-2012 21:16

Sql name problem...
 
Code:
public client_disconnect(id) {     if(solorun == true)     {         if(id == soloid && is_user_alive(soloid)) // Didn't die         {             new name[32]             get_user_name(soloid, name, 31)     // Solo Gunner name             replace_all(name,31,"'","")             replace_all(name, 31, "^"", "")             //formatex(selectquery, 255, "USE %s", db)             //SQL_ThreadQuery(sql, "query", selectquery)             formatex(g_query, 511, "UPDATE played_time SET playedtime=playedtime-%d WHERE name=^"%s^"", get_pcvar_num(g_Ddisconnect) , name)             SQL_ThreadQuery(sql,"query", g_query)             remove_task(soloid)             return PLUGIN_HANDLED         }         return PLUGIN_HANDLED     }     return PLUGIN_HANDLED }
I'm trying to make a bonus time plugin for played time plugin, the problem is the name, I can't get the name correctly, I tried to comment these 2 lines (the ones that are highlighted) and the name worked perfectly, but as for SQL, I must remove these characters ' & ^, and I don't know how to solve it.
Could someone post an explanation of what's wrong, and how to fix it, if possible?
PS: I took these two lines from the played time plugin.

Liverwiz 07-02-2012 22:27

Re: Sql name problem...
 
why do you need to remove those? They aren't escape chars untill they're called to be as such. Put the name in quotes. (Wrapped in ^")
Either way....replace it with an underscore or soemthing. For whatever reason string natives have troubles with EOS calls. (i.e. an empty string)

doondook 07-03-2012 02:00

Re: Sql name problem...
 
Liverwiz, in SQL symbol " ' " is reserved, and can't be used in a random place, because it separates column names for example.

pokemonmaster 07-03-2012 07:11

Re: Sql name problem...
 
But I don't see anything wrong in the code, is there?

hleV 07-03-2012 08:25

Re: Sql name problem...
 
Shouldn't you only be replacing ' \ ` symbols?
Code:
SecureSqlString(input[], len) {     replace_all(input, len, "\", "\\");     replace_all(input, len, "'", "\'");     replace_all(input, len, "`", "\`"); }

Liverwiz 07-03-2012 10:27

Re: Sql name problem...
 
Quote:

Originally Posted by doondook (Post 1741874)
Liverwiz, in SQL symbol " ' " is reserved, and can't be used in a random place, because it separates column names for example.

I've always had a fond hatred of SQL.

Exolent[jNr] 07-03-2012 10:35

Re: Sql name problem...
 
In names, all you have to worry about are single quotes.
However, since your query wraps the name in double quotes, you don't have to escape it at all.
You can't even have backslashes in your name anyway.

pokemonmaster 07-03-2012 12:34

Re: Sql name problem...
 
So what should I do?

Exolent[jNr] 07-03-2012 12:35

Re: Sql name problem...
 
Quote:

Originally Posted by pokemonmaster (Post 1742332)
So what should I do?

Nothing. You don't have to remove any characters from the name.

pokemonmaster 07-03-2012 16:05

Re: Sql name problem...
 
Just a quick question, can client_disconnect() detect if the user was alive before disconnecting?
Maybe the problem is because of this:
Code:
       if(id == soloid && is_user_alive(soloid))


All times are GMT -4. The time now is 15:25.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.