AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   Scripting Help (https://forums.alliedmods.net/forumdisplay.php?f=11)
-   -   Mysql error.... have to escape? (https://forums.alliedmods.net/showthread.php?t=56085)

XyXEL 06-06-2007 11:03

Mysql error.... have to escape?
 
this is the error in the log files
Quote:

L 06/06/2007 - 00:26:43: [AMXX] Plugin ("stats.amxx") is setting itself as failed.
L 06/06/2007 - 00:26:43: [AMXX] Plugin says: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'N^ 80^', kills='0', deaths='0'' at line 1
L 06/06/2007 - 00:26:43: [AMXX] Run time error 1 (plugin "stats.amxx") - forced exit
this is plugin code:
PHP Code:

Queries[1] = SQL_PrepareQuery(SqlConnection,"INSERT INTO steamids SET steamid='%s', name='%s', kills='0', deaths='0'",usersteam,clientname

well the problem seems to be the name, why does it cause the error? maybe it has to get escaped? how to escape it in Pawn ?

Brad 06-06-2007 13:39

Re: Mysql error.... have to escape?
 
I'm not sure if it's the problem you're experiencing but I'm pretty sure you don't need to put apostrophes around the numbers.

Further, you're mixing the INSERT syntax and the UPDATE syntax. INSERT is "INSERT INTO tablename (field1, field2, field3) VALUES (value1, value2, value3)".

XyXEL 06-06-2007 14:07

Re: Mysql error.... have to escape?
 
well the query itself does work quite perfect.

The problem is just the value for the field name.
Usually it works, but in this special case there came an error if the clientname was like "N^ 80^".
i get the clienname this way:
PHP Code:

public client_authorized(id){
    new 
clientname[32]
    
get_user_name(id,clientname,31

then is start the query
PHP Code:

Queries[1] = SQL_PrepareQuery(SqlConnection,"INSERT INTO steamids SET steamid='%s', name='%s', kills='0', deaths='0'",usersteam,clientname

N^ 80^ is the name which crashed the query, why did he do?

Brad 06-06-2007 18:39

Re: Mysql error.... have to escape?
 
What kind of SQL datastore? MySQL?

XyXEL 06-07-2007 08:03

Re: Mysql error.... have to escape?
 
yes, its mysql

Brad 06-07-2007 08:48

Re: Mysql error.... have to escape?
 
Will you at least try the correct syntax for the INSERT INTO command?

http://dev.mysql.com/doc/refman/5.0/en/insert.html

XyXEL 06-07-2007 19:08

Re: Mysql error.... have to escape?
 
well.... read the page you posted...
the second syntax example ist just what i used for the insert command...

however.... i discovered the mistake... the user just had a ' in his name, so the query got crashed. i now replace ' in clientname with an emtpy string

Brad 06-07-2007 20:27

Re: Mysql error.... have to escape?
 
Just escape the apostrophe.

Hmm... Didn't realize MySQL allowed that variation of the INSERT INTO command.

XyXEL 06-08-2007 13:33

Re: Mysql error.... have to escape?
 
well, how to escape the apostrophe?

i use this now:
Quote:

while( contain ( clientname, "'" ) != -1 )
replace( clientname, 31, "'", "" )
dont know how to only escape the apostrophe...

Brad 06-08-2007 14:38

Re: Mysql error.... have to escape?
 
\

Code:
replace_all(clientname, 31, "'", "\'");


All times are GMT -4. The time now is 10:35.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.