MySQL query help

xrefresh · **Author**

Hi,

I just made a plugin that takes info from a command that a client has typed in that gets inserted into a Mysql database. My question is, what is the proper way to format a query? I keep getting "MySQL ERROR: Column count doesn't match value count at row 1". I'm new to Sourcemod coding so any help would be much appreciated.

ecca · 12-23-2012 , 11:04 Re: MySQL query help

Post your query please.

xrefresh · 12-23-2012 , 15:35 Re: MySQL query help

Haha, forgot about that.

PHP Code:


			
Format(query, 400, "INSERT INTO ctbans (name, steam, ban_time, admin_steam, reason) VALUES ('%s', '%s', '%s' '%s', '%s')", arg1, arg2, time, adminsteamid, arg3);

The first row is a ID field that is set to AUTO_INCREMENT.

Impact123 · 12-23-2012 , 15:47 Re: MySQL query help

The query itself looks okay to me, but.

You should (if not already) escape userinputs, in this case the args.
You should use sizeof(myString) instead of 400 even if the size is the same.

If the error persists print out your formatted query and post it here.
I haven't saw enough code to say more.

Have you checked if this query works if you execute it directly via sql?

Yours sincerely
Impact

xrefresh · 12-23-2012 , 17:35 Re: MySQL query help

Quote:

Originally Posted by Impact123

The query itself looks okay to me, but.

You should (if not already) escape userinputs, in this case the args.
You should use sizeof(myString) instead of 400 even if the size is the same.

If the error persists print out your formatted query and post it here.
I haven't saw enough code to say more.

Have you checked if this query works if you execute it directly via sql?

Yours sincerely
Impact

What do you mean escape userinputs? Could you provide a example?

Thanks for the tip.

As for the error, I figured it out. I left out a comma and didn't notice it for the longest time.

Impact123 · 12-23-2012 , 17:44 Re: MySQL query help

Please don't fullquote me, especially if you answer directly to my post.
If your input has for example an quotation mark it can cause your query to fail, not to mention the possibility to do an sql injection.
To avoid this you should escape your unsafe strings with this function.

Example

The other thing you can try is to escape the whole query after you formatted it though i've never seen someone doing this.

Yours sincerely
Impact

PriceLess · 12-23-2012 , 19:32 Re: MySQL query help

Quote:

Originally Posted by Impact123

Please don't fullquote me, especially if you answer directly to my post.
If your input has for example an quotation mark it can cause your query to fail, not to mention the possibility to do an sql injection.
To avoid this you should escape your unsafe strings with this function.

Example

The other thing you can try is to escape the whole query after you formatted it though i've never seen someone doing this.

Yours sincerely
Impact

Nice idea =D

xrefresh · 12-23-2012 , 20:24 Re: MySQL query help

Thank you Impact for the help but I'm still sorta confused about that function and what not since I'm still new to scripting. If you don't mind, would you be willing to take a look at what I wrote and give any suggestions or tips in a PM? It's pretty short since I wanted to do something possible with my skill level.

1 last question to anyone who happens to reply. When a user inputs a steamid into the command and it gets inserted to Mysql, it stops before ':'(ex. STEAM_0) and doesn't record the entire steamid. I'm using the below code so I must be doing something the wrong way.

Code:

new String:arg2[32]
GetCmdArg(1, arg2, sizeof(arg2));

Impact123 · 12-23-2012 , 20:33 Re: MySQL query help

If it's not that much code and it's readable, why not.
You have to quote your steamid if you use GetCmdArg.

Code:

plugincommand "STEAM_0:0:12345"

Yours sincerely
Impact

Skyy · 12-24-2012 , 05:14 Re: MySQL query help

xrefresh, is your query now working as intended?