dugasz1 Posted March 18, 2014 Posted March 18, 2014 Hello! I have got some problem to define the player: So there is a button when i click on it its trigger to server the login data (there is the player yet). But when i make a query and its call back how can i call the player who click the button? addEvent( "clientRequestLogin", true ) addEventHandler( "clientRequestLogin", getRootElement(), function ( username, password ) --dbExec( theConnection,"SET NAMES utf8" ) dbQuery( loginCallback, theConnection, "SELECT * FROM users WHERE username = '"..username.."' AND password = '"..md5(password).."'" ) end ) function loginCallback ( qh ) local result = dbPoll( qh, 0 ) if #result == 1 then outputChatBox ( "Üdvözlünk ".. result[1]['username'].." a szerveren!", --Here comes the player ) dbQuery( characterCallback, theConnection, "SELECT * FROM characters WHERE owner = '"..result[1]['username'].."'" ) elseif #result == 0 then outputChatBox ( "Hibás felhasználónév vagy jelszó!", --Here comes the player ) end end
WhoAmI Posted March 18, 2014 Posted March 18, 2014 Add parameter to loginCallback function ('player'). And then call this function giving player. loginCallback ( player, qh ) and then dbQuery ( loginCallback, source, ... )
Castillo Posted March 18, 2014 Posted March 18, 2014 That query isn't really secure, it can lead to SQL injections.
dugasz1 Posted March 18, 2014 Author Posted March 18, 2014 (edited) Add parameter to loginCallback function ('player'). And then call this function giving player. loginCallback ( player, qh ) and then dbQuery ( loginCallback, source, ... ) Thank you That query isn't really secure, it can lead to SQL injections. You mean it's can be simply hacked? Edited March 18, 2014 by Guest
Castillo Posted March 18, 2014 Posted March 18, 2014 Read about SQL injections, you should make your queries like this: dbQuery ( "SELECT * FROM myTable WHERE account = ?", "Castillo" )
dugasz1 Posted April 1, 2014 Author Posted April 1, 2014 addEvent( "clientRequestLogin", true ) addEventHandler( "clientRequestLogin", getRootElement(), function ( username, password ) dbQuery( loginCallback, source, theConnection, "SELECT * FROM users WHERE username = ? AND password = ?", username, md5(password) ) end ) function loginCallback ( thePlayer, qh ) local result = dbPoll( qh, 0 ) if #result == 1 then outputChatBox ( "Üdvözlünk ".. result[1]['username'].." a szerveren!", thePlayer ) dbQuery( characterCallback, thePlayer, theConnection, "SELECT * FROM characters WHERE owner = ?", result[1]['username'] ) elseif #result == 0 then outputChatBox ( "Hibás felhasználónév vagy jelszó!", ) end end WhoAmI, do you see the problem? Because it isnt work and the console write "expected db-connection at arg 2.. ". Or do somebody know the solution?
WhoAmI Posted April 1, 2014 Posted April 1, 2014 Check this addEvent( "clientRequestLogin", true ) addEventHandler( "clientRequestLogin", getRootElement(), function ( username, password ) dbQuery( loginCallback ( source ), theConnection, "SELECT * FROM users WHERE username = ? AND password = ?", username, md5(password) ) end ) function loginCallback ( thePlayer, qh ) local result = dbPoll( qh, 0 ) if #result == 1 then outputChatBox ( "Üdvözlünk ".. result[1]['username'].." a szerveren!", thePlayer ) dbQuery( characterCallback, thePlayer, theConnection, "SELECT * FROM characters WHERE owner = ?", result[1]['username'] ) elseif #result == 0 then outputChatBox ( "Hibás felhasználónév vagy jelszó!", ) end end
dugasz1 Posted April 1, 2014 Author Posted April 1, 2014 I asked another hungarian scripter (image) he point on the problem : dbQuery( loginCallback , { arg1, arg2,..}, theConnection, .... Only the {} miss Thank you the help too!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now