[TUT] Sql remote sending - without sqlx module


hip_hop_x
Senior Member
Join Date: Apr 2006
Old 02-01-2008 , 15:37   [TUT] Sql remote sending - without sqlx module
Reply With Quote #1

I made this tutorial to explain to people how to send data to the SQL server without logging into it from the plugin, and without the sqlx plugin. This is more secure.
You'll need a web server with SQL and PHP.

The cs_sql.php page will receive the name submitted by the string, using the show_motd.

The amxmodx script code.
Code:
new name[18]
get_user_name(id, name, 17)
new string[128]
formatex(string, sizeof string - 1, "http://www.codeheaven.org/cs_sql.php?data1=%s", name)
show_motd(id, string, "Sending The Name")

In the cs_sql.php
PHP Code:
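<?php
// Connect to the database server and select the database.
mysql_connect("localhost", "mysql_user", "mysql_password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

// Read the parameter, defaulting to an empty string when it is missing.
$data1 = isset($_GET['data1']) ? $_GET['data1'] : '';
// mysql_real_escape_string() returns the escaped copy, so the result must be kept.
$data1 = mysql_real_escape_string($data1);
// Here we check if $data1 exists, or if data1 contains http; if it does, data won't be added in the sql.
if (!$data1 || preg_match("/http/", $data1)) {
    die("invalid data sent");
}
mysql_query("INSERT INTO `player_table` VALUES('$data1')") or die("Sql error");
echo "Succes, player name:" . $data1 . " was added in our database";
?>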
You could insert even more data, with player specs, this was just a demo.
using like this
Code:
formatex(string, sizeof string - 1, "http://www.codeheaven.org/cs_sql.php?data1=%s&data2=%s", name, string2)
using the & = and I added another variable in the link
and the php code
PHP Code:
$data2 = $_GET['data2']; // to obtain it
mysql_query("INSERT INTO `player_table` VALUES('$data1','$data2')") or die("Sql error");
// for each new data, you'll have to add checks to prevent hacking.

Just say thanks, if you want more examples you can pm me, or you can reply. I haven't tested this, but should work.

Last edited by hip_hop_x; 02-01-2008 at 15:45.
flyeni6
Senior Member
Join Date: Jun 2006
Location: CAli
Old 02-05-2008 , 09:38   Re: [TUT] Sql remote sending - without sqlx module
Reply With Quote #2

nice job

+karma
hip_hop_x
Senior Member
Join Date: Apr 2006
Old 03-14-2008 , 16:52   Re: [TUT] Sql remote sending - without sqlx module
Reply With Quote #3

thank you for +karma
atomen
Veteran Member
Join Date: Oct 2006
Location: Stockholm, Sweden
Old 03-14-2008 , 18:37   Re: [TUT] Sql remote sending - without sqlx module
Reply With Quote #4

Quote:
Originally Posted by flyeni6
nice job

+karma
Indeed.
sawce
The null pointer exception error and virtual machine bug
Join Date: Oct 2004
Old 03-15-2008 , 01:22   Re: [TUT] Sql remote sending - without sqlx module
Reply With Quote #5

How is this more secure when you essentially rely on a client to do your SQL insertions for you? Never assume anything a client does for you is secure.

Also you don't escape the second data variable; since you did the first I assume this is just an oversight?

The only way I could possibly see this as useful is when, for whatever reason, your game server provider doesn't allow you to connect to external databases. Even then, I would opt for a version that would use sockets instead of motd windows.
__________________
fyren sucks
sawce
The null pointer exception error and virtual machine bug
Join Date: Oct 2004
Old 03-17-2008 , 20:17   Re: [TUT] Sql remote sending - without sqlx module
Reply With Quote #6

Trashed for reasons listed above.

You can repost and call it an "alternative to using SQLx if you are unable to use a SQL connection from your game server" or whatever, but you must:

* Make it clear that there is a very real possibility clients can insert false data
* (this should be obvious) Make it clear that the strings must be escaped in the php script or you will get injected
* Stop claiming this is more secure than sqlx - that would create a false impression on people
__________________
fyren sucks
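
The escaping requirement sawce lists above, sketched as a cs_sql.php handler that binds both parameters instead of building the query from strings. This is an added example, not code from any poster in the thread. It assumes PDO (the mysql_* functions used earlier were removed in PHP 7), an in-memory SQLite database standing in for MySQL, a two-column player_table, and the hypothetical helpers clean_field and store_player; the requests are constructed.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for the
// MySQL database so the script runs offline; the table layout is assumed.
declare(strict_types=1);

const MAX_LEN = 32; // assumed maximum length for a player-supplied field

// Validate one query-string field: it must be a string, non-empty, of
// bounded length, and free of control characters.
function clean_field(array $query, string $key): string
{
    $value = $query[$key] ?? null;
    if (!is_string($value) || $value === '' || strlen($value) > MAX_LEN
        || preg_match('/[\x00-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException("invalid $key");
    }
    return $value;
}

// Insert both fields through bound parameters, so neither value is ever
// parsed as SQL, then return a message that is safe to render as HTML.
function store_player(PDO $db, array $query): string
{
    $data1 = clean_field($query, 'data1');
    $data2 = clean_field($query, 'data2');
    $stmt = $db->prepare('INSERT INTO player_table (data1, data2) VALUES (?, ?)');
    $stmt->execute([$data1, $data2]);
    return 'Success, player name: ' . htmlspecialchars($data1, ENT_QUOTES, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE player_table (data1 TEXT, data2 TEXT)');

// Constructed requests standing in for $_GET.
$requests = [
    ['data1' => "O'Brien", 'data2' => 'CT'],
    ['data1' => "a','b'); --", 'data2' => '<b>T</b>'],
    ['data1' => 'only-one-field'],
];
foreach ($requests as $query) {
    try {
        echo store_player($db, $query), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
echo $db->query('SELECT COUNT(*) FROM player_table')->fetchColumn(), " rows stored\n";
```

Bound parameters keep the quote characters in the first two requests as literal data, and the third is rejected for its missing field. They do nothing about the other point raised in the thread: any client can still request the URL with made-up values.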