Ataro
Member
Sorry, Had to be deleted
Last edited:
-
2026 staff recruitment is open! Check it out and consider applying!
-
New resources must be posted under Resources tab. A discussion thread will be created automatically, you can't open threads manually anymore.
TalkAction Delete Please
- Thread starter Ataro
- Start date
Nice script, but try to make 'items' config in LUA table.
One fix:
Should be:
When you send any string to database from LUA always use:
db.escapeString(str)
1. Secure.
2. Sometimes error can occur.
One fix:
PHP:
function doRemovePremiumPoints(accountName, points)
points = tostring(points)
return db.executeQuery('UPDATE `accounts` SET `premium_points` = `premium_points` -' .. points .. ' WHERE `name` = ' .. accountName .. ' LIMIT 1;')
end
function CurrentPoints(accountName)
playerpoints = db.getResult('SELECT `premium_points` FROM `accounts` WHERE `name` = ' .. accountName .. ' LIMIT 1;')
return playerpoints:getDataInt("premium_points")
end
PHP:
function doRemovePremiumPoints(accountName, points)
points = tostring(points)
return db.executeQuery('UPDATE `accounts` SET `premium_points` = `premium_points` -' .. points .. ' WHERE `name` = ' .. db.escapeString(accountName) .. ' LIMIT 1;')
end
function CurrentPoints(accountName)
playerpoints = db.getResult('SELECT `premium_points` FROM `accounts` WHERE `name` = ' .. db.escapeString(accountName) .. ' LIMIT 1;')
return playerpoints:getDataInt("premium_points")
enddb.escapeString(str)
1. Secure.
2. Sometimes error can occur.
5mok3
Emporia
Yes!! Congratulations!!
Help the stupid people that download and run servers grow and make money!!
You should be proud of yourself..
Ugly scripting anyways..
Help the stupid people that download and run servers grow and make money!!
You should be proud of yourself..
Ugly scripting anyways..
OP
OP
Ataro
Member
well, i ddint knew it was so bad .... its my fucking first script :S
@PhoOwned
2. Sometimes error can occur. ????
Well i never do get an error
@PhoOwned
2. Sometimes error can occur. ????
Well i never do get an error
Last edited:
no its not the same... i tested it with both... in rev3952, db.execute~ doesnt work
Zonet
Web Developer
It'd occur that error only when it's removing points from account that contains a letter/string as you're not using " "
Example:
Your:
Code:
function doRemovePremiumPoints(accountName, points)
points = tostring(points)
return db.executeQuery('UPDATE `accounts` SET `premium_points` = `premium_points` -' .. points .. ' WHERE `name` = [B]' .. db.escapeString(accountName) .. '[/B] LIMIT 1;')
end
Code:
function doRemovePremiumPoints(accountName, points)
points = tostring(points)
return db.executeQuery('UPDATE `accounts` SET `premium_points` = `premium_points` -' .. points .. ' WHERE `name` = [B]"' .. db.escapeString(accountName) .. '"[/B] LIMIT 1;')
end