[Carl Sagan]

So I'm having a problem inserting specific data in to a MySQL database.

Here's some of the code:

PHP Code:

new String:g_sReporterName[MAXPLAYERS +1][MAX_NAME_LENGTH];
new String:g_sReporterAuth[MAXPLAYERS +1][24];
new String:g_sReporteeName[MAXPLAYERS +1][MAX_NAME_LENGTH];
new String:g_sReporteeAuth[MAXPLAYERS +1][24];
new String:g_sReason[MAXPLAYERS +1][256];
new String:g_sServer[MAXPLAYERS +1][256]; 


then when a player selects a menu option it does this which works fine:

PHP Code:

GetClientName(client,g_sReporterName[client],sizeof(g_sReporterName[]));
GetClientAuthString(client,g_sReporterAuth[client],sizeof(g_sReporterAuth[]));
GetClientName(client,g_sReporteeName[client],sizeof(g_sReporteeName[]));
GetClientAuthString(client,g_sReporteeAuth[client],sizeof(g_sReporteeAuth[]));
GetClientName(0,g_sServer[client],sizeof(g_sServer[])); 


and here's where things get messed up. This is in the next menu confirming a report and it tries to insert the info into the database:

PHP Code:

new String:Query[256];
Format(Query,sizeof(Query),"INSERT INTO plugin (reportername,reporterauth,reporteename,reporteeauth,reason,server) VALUES ('%s','%s','%s','%s','%s','%s')",g_sReporterName[client],g_sReporterAuth[client],g_sReporteeName[client],g_sReporteeAuth[client],g_sReason[client],g_sServer[client]);
SQL_FastQuery(Database,Query); 


Now I've checked and the strings have all the correct values, but for some reason it isn't input into the database.

I've tried without the strings and it inserts the data into the database fine, so something has to be wrong there with the strings.

Any ideas?

[bl4nk]

Try printing the formatted string. My bet is that 'Query' isn't large enough.

[edit]

Also you should sanitize the player's name using SQL_EscapeString, to prevent problem players from executing a query on your database.

[Carl Sagan]

Quote:

Originally Posted by bl4nk Try printing the formatted string. My bet is that 'Query' isn't large enough.

I actually tried it at 2560 and still didn't work. Printing it to chat wouldn't work as it gets cut off anyway.

[pheadxdll]

Print at some offset so you can see the whole string:

Code:

PrintToServer("Query:\n%s", Query[1024]);

Do what bl4nk suggested and use SQL_EscapeString. Since the string isn't escaped, perhaps one of the user provided strings has a character that is blowing up the query. Try executing the printed query manually and see if it goes through. It's probably not a valid sql query.

[Carl Sagan]

Quote:

Originally Posted by pheadxdll Print at some offset so you can see the whole string: Code: PrintToServer("Query:\n%s", Query[1024]); Do what bl4nk suggested and use SQL_EscapeString. Since the string isn't escaped, perhaps one of the user provided strings has a character that is blowing up the query. Try executing the printed query manually and see if it goes through. It's probably not a valid sql query.

Oh man I feel stupid.

PHP Code:

INSERT INTO plugin (reportername,reporterauth,reporteename,reporteeauth,reason,server) VALUES ('Phil','STEAM_1:0:39841182','Phil','STEAM_1:0:39841182','Rushing','Phil's Test Server') 


[Carl Sagan]

Alright it works now. If anyone's having a similar problem here's how to use SQL_EscapeString:

PHP Code:

new String:Query[512],String:EscapedReporterName[MAX_NAME_LENGTH],String:EscapedReporteeName[MAX_NAME_LENGTH],String:EscapedServer[256],String:EscapedReason[256];
            
SQL_EscapeString(Database,g_sReporterName[client],EscapedReporterName,sizeof(EscapedReporterName));
SQL_EscapeString(Database,g_sReporteeName[client],EscapedReporteeName,sizeof(EscapedReporteeName));
SQL_EscapeString(Database,g_sServer[client],EscapedServer,sizeof(EscapedServer));
SQL_EscapeString(Database,g_sReason[client],EscapedReason,sizeof(EscapedReason));

Format(Query,sizeof(Query),"INSERT INTO plugin (reportername,reporterauth,reporteename,reporteeauth,reason,server) VALUES ('%s','%s','%s','%s','%s','%s')",EscapedReporterName,g_sReporterAuth[client],EscapedReporteeName,g_sReporteeAuth[client],EscapedReason,EscapedServer);
SQL_FastQuery(Database,Query); 


[Dr. Greg House]

Some of the strings are way too small. Follow the documentation of "SQL_EscapeString".