Hello,
I'm here for try to have your generous help about a fail on my server.
I use a plugin who use sql. This is the part of the code who have a problem:
Code:
public SaveC(client)
{
if(g_hDatabase == INVALID_HANDLE)
{
LogError("Database connection is lost or not yet initialized.");
return;
}
if(!g_eClients[client][bLoaded])
return;
if(0 >= client < MAXPLAYERS+1)
return;
if(g_eClients[client][iId] <= 0)
return;
if(g_hDatabase)
SQL_EscapeString(g_hDatabase, g_eClients[client][szName], g_eClients[client][szNameEscaped], 128);
decl String:m_szQuery[256];
Format(STRING(m_szQuery),
"UPDATE xxx SET `date_of_last_join`=%d, `username`=\"%s\", `title`=\"%s\", `playtime`=%d WHERE `id`=%d AND 'authid'=\"%s\"",
g_eClients[client][iDateOfLastJoin],
g_eClients[client][szNameEscaped],
g_eClients[client][sTitre],
g_eClients[client][iPlaytime],
g_eClients[client][iId],
g_eClients[client][szAuthId]);
decl String:m_szQuery2[256];
Format(STRING(m_szQuery2),
"UPDATE xxx SET `value1`=%d, `value2`=%d, `value3`=%d WHERE `id`=%d AND 'authid'=\"%s\"",
g_eClients[client][value1],
g_eClients[client][value2],
g_eClients[client][value3],
g_eClients[client][iId],
g_eClients[client][szAuthId]);
SQL_TQuery(g_hDatabase, SQLCallback_Void, m_szQuery);
SQL_TQuery(g_hDatabase, SQLCallback_Void, m_szQuery2);
}
The problem:
When a user have in their username "▄︻̷̿┻̿═━一 ***", all the lines of the table will save with his informations, but i don't understand why !
In my case, i use two sql insert, but the problem is only for the first won. The first insert will replace all the informations in it with the problem user infos, but not the second one!
The username is escaped sql and save like other string, and it's not a condition, but all the line of the table is save with his infos.
This is some past random users values, but they are changed with the user who have ▄︻̷̿┻̿═━一 *** in his username.
Thanks.