Mmorpg - Mysql DB dev. questions - Page 3

striker07 · *Last edited by striker07; 06-03-2013 at 13:39.*

Could some1 revise this basic SQL core?
Much appreciated and you will spare some work to the plugin approver when i finally release Mmorpg, wich shouldnt be to long anymore.

Sincerely,
Striker07

Doodil · 06-03-2013 , 17:09 Re: Mmorpg - Mysql DB dev. questions

Well, it doesn't really affect your code yet, but you should definitely look into SQL-Injections. If you some when decide to save the players name in your database(to maybe show the highest ranked player or something) and you keep using this unsafe way to put data in your queries, any player might be able to drop all your database-tables or manipulate the data otherwise. This is especially important when your source code is publicly available and everyone can see all the table names and queries.

striker07 · 06-04-2013 , 15:28 Re: Mmorpg - Mysql DB dev. questions

what?, youre english is off in the details.

I'm not saving names in this sql core, not yet.
In the other levelcore i have a table of wich the primary key is a players steam id, in this table the players name is stored.

On what exactly should i look out for?

Doodil · 06-05-2013 , 11:34 Re: Mmorpg - Mysql DB dev. questions

its not off, I said when you somewhen decide to save something like this. It is bad practice to directly put variables into queries (using %s or whatever), especially when its user-data. Take a look into "prepared statements"

asherkin · 06-05-2013 , 12:14 Re: Mmorpg - Mysql DB dev. questions

Quote:

Originally Posted by Doodil

its not off, I said when you somewhen decide to save something like this. It is bad practice to directly put variables into queries (using %s or whatever), especially when its user-data. Take a look into "prepared statements"

SourceMod doesn't supported threaded prepared statements, which pretty much makes them unusable.