[N0B0DY1x]

Hi there,

I'm using LevelsRanks plugin on my CS:GO server and I'm facing weird strings in my database caused by the Database.Escape() function.

My ingame name is "No'". When I use the Database.Escape() function onto it, the output is "No\'" which is ok.

But A guy came with this name : "Everything's gonna be alright" and the Database.Escape() output was "Everything\'\'\\\'\\\\\\\'\\\\\\\\\\\\\\\'\\\ \\\". Which is really weird.

Somes other guys have this issue and it seems to appen when you have a quote in your name, everythings behind it is replaced with backslashs and quote (the pattern seems random aswell).

Anyone got this error ? Seems to be a Sourcemod bug. I'm using SM 1.10.0 6488 (the latest) and used 6482 before (both have the issue). I'm here because I can't find anything on the forum and on github, am I the first guy to get this error ? Or its just a scripting issue ?

So here's a little script I wrote to test the escape function (I used the levels_ranks database config but you can use anything you want to test, for me its a mysql database). This script uses the levels_ranks buffers size.

PHP Code:

#include <sourcemod>

public Plugin myinfo =
{
    name = "Database.Escape test",
    author = "Nobody-x",
    version = "1"
};

Database g_hDatabase;

public void OnPluginStart() {
    Database.Connect(OnDBConnect, "levels_ranks");

    RegConsoleCmd("sm_test", Cmd_Test)
    RegConsoleCmd("sm_test2", Cmd_Test2)
}

Action Cmd_Test(int client, int args) {
    if (g_hDatabase == null) {
        return Plugin_Continue;
    }

    char sName[65];
    GetClientName(client, sName, 32);

    LogMessage("Client name : \"%s\"", sName);

    g_hDatabase.Escape(sName, sName, sizeof(sName));

    LogMessage("Escaped name : \"%s\"", sName);

    return Plugin_Changed;
}

Action Cmd_Test2(int client, int args) {
    if (g_hDatabase == null) {
        return Plugin_Continue;
    }

    char sName[65];
    GetClientName(client, sName, 32);

    LogMessage("Client name : \"%s\"", sName);

    SQL_EscapeString(g_hDatabase, sName, sName, sizeof(sName));

    LogMessage("Escaped name : \"%s\"", sName);

    return Plugin_Changed;
}

public void OnDBConnect(Database db, const char[] error, any data)
{
    if (db == null)
    {
        LogError("Database failure: %s", error);
        return;
    }

    g_hDatabase = db;
} 


Edit:

These are the outputs of both commands :

Code:

L 05/05/2020 - 22:04:30: [test_escape.smx] Client name : "Everything's gonna be alright"
L 05/05/2020 - 22:04:30: [test_escape.smx] Escaped name : "Everything\'\'\\\'\\\\\\\'\\\\\\\\\\\\\\\'\\\\\\"
L 05/05/2020 - 22:04:32: [test_escape.smx] Client name : "Everything's gonna be alright"
L 05/05/2020 - 22:04:32: [test_escape.smx] Escaped name : "Everything\'\'\\\'\\\\\\\'\\\\\\\\\\\\\\\'\\\\\\"

L 05/05/2020 - 22:04:08: [test_escape.smx] Client name : "No'"
L 05/05/2020 - 22:04:08: [test_escape.smx] Escaped name : "No\'"
L 05/05/2020 - 22:04:11: [test_escape.smx] Client name : "No'"
L 05/05/2020 - 22:04:11: [test_escape.smx] Escaped name : "No\'"

[Bacardi]

https://sm.alliedmods.net/new-api/dbi/SQL_EscapeString

Code:

Return Value

True on success, false if buffer is not big enough. The buffer must be at least 2*strlen(string)+1.

Check SQL_EscapeString, does it fail (false). You need double size of string.

[N0B0DY1x]

Ok, I updated the script like this :

PHP Code:

#include <sourcemod>

public Plugin myinfo =
{
    name = "Database.Escape test",
    author = "Nobody-x",
    version = "1"
};

Database g_hDatabase;

public void OnPluginStart() {
    Database.Connect(OnDBConnect, "levels_ranks");

    RegConsoleCmd("sm_test", Cmd_Test)
    RegConsoleCmd("sm_test2", Cmd_Test2)
}

Action Cmd_Test(int client, int args) {
    if (g_hDatabase == null) {
        return Plugin_Continue;
    }

    char sName[65];
    GetClientName(client, sName, 32);

    LogMessage("Client name : \"%s\"", sName);

    int written;
    bool bReturn = g_hDatabase.Escape(sName, sName, sizeof(sName), written);

    LogMessage("Escaped name : \"%s\" (Return : %s, written : %i)", sName, bReturn ? "true" : "false", written);

    return Plugin_Changed;
}

Action Cmd_Test2(int client, int args) {
    if (g_hDatabase == null) {
        return Plugin_Continue;
    }

    char sName[65];
    GetClientName(client, sName, 32);

    LogMessage("Client name : \"%s\"", sName);

    int written;
    bool bReturn = SQL_EscapeString(g_hDatabase, sName, sName, sizeof(sName), written);

    LogMessage("Escaped name : \"%s\" (Return : %s, written : %i)", sName, bReturn ? "true" : "false", written);

    return Plugin_Changed;
}

public void OnDBConnect(Database db, const char[] error, any data)
{
    if (db == null)
    {
        LogError("Database failure: %s", error);
        return;
    }

    g_hDatabase = db;
} 


Here are the outputs :

Code:

L 05/05/2020 - 22:29:56: [test_escape.smx] Client name : "No'"
L 05/05/2020 - 22:29:56: [test_escape.smx] Escaped name : "No\'" (Return : true, written : 4)
L 05/05/2020 - 22:29:58: [test_escape.smx] Client name : "No'"
L 05/05/2020 - 22:29:58: [test_escape.smx] Escaped name : "No\'" (Return : true, written : 4)
L 05/05/2020 - 22:30:28: [playercommands.smx] "No'<6><STEAM_1:1:74713004><>" renamed "No'<6><STEAM_1:1:74713004><>" (to "Everything's gonna be alright")
L 05/05/2020 - 22:30:30: [test_escape.smx] Client name : "Everything's gonna be alright"
L 05/05/2020 - 22:30:30: [test_escape.smx] Escaped name : "Everything\'\'\\\'\\\\\\\'\\\\\\\\\\\\\\\'\\\\\\" (Return : true, written : 48)
L 05/05/2020 - 22:30:32: [test_escape.smx] Client name : "Everything's gonna be alright"
L 05/05/2020 - 22:30:32: [test_escape.smx] Escaped name : "Everything\'\'\\\'\\\\\\\'\\\\\\\\\\\\\\\'\\\\\\" (Return : true, written : 48)

PS: I'm testing both commands in the order sm_test then sm_test2 (but Database.Escape() and SQL_EscapeString() do exactly the same thing right ?).
PS2: For the size of the buffer, the GetClientName call is done with a max size of 32 and the buffer total size is 65 (32*2+1) which is used into the escape function. That's extracted from LevelsRanks plugin.

[Bacardi]

It this SQLite or MySQL ?

[N0B0DY1x]

I'm using MySQL 5.7 (database character set and collation are respectively utf8mb4 and utf8mb4_general_ci, I don't know if this can affect the result of the Escape function)

[Fyren]

I didn't check what SM or the underlying MySQL function specifically do, but I'd guess the problem is you can't use the same buffer for both the source and destination.

[N0B0DY1x]

I just tested it and yes, using the same buffer as source and destination gives an unexpected result. I don't know why I didn't tried that before.

Thanks for help both of you

[asherkin]

Quote:

Originally Posted by Fyren I didn't check what SM or the underlying MySQL function specifically do, but I'd guess the problem is you can't use the same buffer for both the source and destination.

That is correct, and the cause of this.