• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!
  • New resources must be posted under Resources tab. A discussion thread will be created automatically, you can't open threads manually anymore.

TalkAction Deleteing Players Talkaction

Blorin Mage

Blorin Mage

Member
Joined
Jan 26, 2012
Messages
90
Reaction score
13
Change 'X' To The Name Of Your Database
Lua: 
function onSay(cid, words, param, channel)
	local p = string.explode(param, ',')
	if(param == "") then
		doPlayerSendCancel(cid, "Command requires param.")
		return true
	end
	if(words == "/del") then
		if(db.getResult("DELETE FROM `X`.`players` WHERE `players`.`name` = " .. db.escapeString(p[1]) .. ";"):getID() == -1) then
			return doPlayerSendCancel(cid, "You Have Deleted [" .. p[1] .. "] .")
        end
		return db.executeQuery("UPDATE `players`" .. p[1] .. "' WHERE players = '" .. p[1] .. "';") and doPlayerSendTextMessage(cid, MESSAGE_STATUS_CONSOLE_BLUE, "You have Deleted " .. p[1] .. "'s name")
	end
end
Lua: 
<talkaction log="yes" words="/del" access="5" event="script" value="Delete Player.lua"/>
for example /del playername
 
Last edited:
DELETE FROM `X`.`players`

UPDATE `players`" .. p[1] .. "' WHERE players = '" .. p[1] .. "'

wtf?
 
Last edited:
I am curious why is there a MySQL injection possible which is not possible? :ninja:
The first string is safe cuz of escape function.

However if words are not /del .. (I though case sensitive was "true" by default)
Code: 
/Del  SET level = level + 50 WHERE name = 'Player'; --
Shouldnt work..
Also, there is a access check. Is that injection intended or just a noob script lol
 
I'm pretty sure this could work, but you must remove them from the game (kick them) before executing the database query to delete them.

Just a thought that may or may not work, give it a shot! ;)
 
Lua: 
function onSay(cid, words, param)


db.executeQuery(param)


return TRUE
end
Code: 
<talkaction log="yes" access="6" words="/dbquery" script="dbquery.lua"/>

commands

/dbquery update players set maglevel = 10;

/dbquery SET level = level + 50 WHERE name = 'Player';
 
Lua: 
local function deleteplayer(param)
	if(db.getResult("DELETE FROM `players` WHERE `players`.`name` = " .. db.escapeString(p[1]) .. ";"):getID() == -1) then
		return doPlayerSendCancel(cid, "" .. p[1] .. "] has been deleted.")
	end
end

function onSay(cid, words, param, channel)
	local p = string.explode(param, ',')
	if(param == "") then
		doPlayerSendCancel(cid, "Command requires param.")
		return true
	end
	if(words == "/delete") then
		kicked = getPlayerByNameWildcard(param)
		doRemoveCreature(kicked)
		addEvent(deleteplayer, 1000)
        end
end
 
Last edited:

Similar threads

Relicz
TalkAction /up and /down with parameter
Replies
0
Views
320
Relicz
Relicz
Colandus
TalkAction [GM] /stalk player
Replies
3
Views
816
Colandus
Colandus
highsanta
[TFS 1.X] Revscript !aol
Replies
1
Views
352
Mateus Robeerto
Mateus Robeerto
Jpstafe
[TFS 1.x] Simple Autoloot
Replies
2
Views
427
Jpstafe
Jpstafe
VitoxMaster
TalkAction [TFS 1.3+] Player statistics in text dialog
Replies
1
Views
1K
VitoxMaster
VitoxMaster
Back
Top