Jump to content

executeSQLQuery


HunT

Recommended Posts

Posted (edited)

Hi All. i never use this one :|

I working for a new user panel and i want make the Map Shop (no nextmap)

First . . the wiki say : Please use executeSQLQuery instead.

Why?? i can't use executeSQLCreateTable executeSQLSelect etc.. ?

Anyway The Table :

  
function theTable () 
    executeSQLCreateTable ( "mapOwner", "nameMap TEXT, ownerMap TEXT, priceMap INTEGER" )  
end 
addEventHandler ( "onResourceStart", getRootElement(), theTable ) -- other event 
  

The Table is Ok (maybe)

My question is : who i can get/set the parameter for edit?

Tnx

Edited by Guest
Posted

After you create the table, you must delete the table or edit it on the SQL file. I guess there's no other way to edit it.

Btw, I ever prefer using queries instead of these default functions.

"[...] If you don’t love it, if you’re not having fun doing it, you don’t really love it, you’re going to give up." - Steve Jobs, 2007

Posted
Can u delete this please.

There may be other people having similar issue so I'd rather not delete the thread.

If I helped you, please click the like button on the right ;) Thanks!

Posted

Sounds Good myonlake :wink:

Omg after 45 min. i now know how work (maybe)

Now i have make this :

  
local thisResourceRoot = getResourceRootElement(getThisResource()) 
addEventHandler ( "onResourceStart", thisResourceRoot, 
function()      
executeSQLQuery("CREATE TABLE IF NOT EXISTS OwnersMaps (nameMap TEXT, ownerMap TEXT, priceMap INTEGER)") 
end)         
addEvent("onMapStarting",true) 
addEventHandler("onMapStarting",getRootElement(), 
function (mapInfo) 
   local name = mapInfo.name or "Unknown" 
   if name then 
   local tableMap =  executeSQLQuery ( "SELECT * FROM OwnersMaps WHERE nameMap = '" ..name.. "'" ) 
    if not  tableMap or # tableMap == 0 then 
    executeSQLQuery( "INSERT INTO OwnersMaps VALUES ('"..name.."','Waiting', 'Waiting')" ) 
end 
end 
end 
) 
  
 
Posted

it's better for you to do like the examples in the wiki.

https://wiki.multitheftauto.com/wiki/ExecuteSQLQuery

Notice the lack of single quotes around the "?" in this example, even though it represents a string. executeSQLQuery will see that the playerName variable is a string and take care of the correct execution of the query by itself.

The advantage of using executeSQLQuery is that it is immune to users trying to exploit the query with an SQL injection attack. playerName may contain special characters like ', " or -- that will not influence the query, unlike the older approach where playerName would be concatenated into the query string.

CiTLh.png
Posted
executeSQLQuery("INSERT INTO OwnersMaps VALUES (?,?,?)",name,'waiting','waiting') 

357ac0078264.jpg

- Working on [php/HTML/Mysql/Lua/Java Scripts/Web Design/3D Modeling]

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...