'LinKin
Posted May 7, 2014

Hello,

MTA accepts these non-alphanumerical symbols in players' nicknames: \|@#~!"$%&/()[]=?+*-.'

So, currently I have a script taken from the community. It shows player's alias, and I've discovered that it FAILS when a player uses a nick containing this symbol: ' (single quote) or one of these symbols: [] (or both).

Here are the errors that it shows when using a nick with that symbol:

http://s2.postimg.org/oqt0y553t/mta_scr ... _46_54.png
http://s9.postimg.org/trorl4gwf/mta_scr ... _04_48.png

*Note: The mapmanager error is another thing. Ignore it.

The player alias script is compiled, so I cannot find out why it's failing. On the other hand, I'm thinking about making my own script. It'd do the same as the previous one but with some other features like searching players' nicks by serial, or vice versa (finding which serials have used a particular nickname).

As I'm new at MySQL, I want to ask you guys which collation I should use for the column `NICKNAMES`.

Here's a picture showing what collations in MySQL are: http://www.comocreartuweb.com/imagenes/cotejamiento.png

It's like for example if you want to accept Chinese symbols in a column, you must choose Japanese collation. As I want to accept \|@#~!"$%&/()[]=?+*-.' symbols, which collation must I use?

Thanks.

Woovie
Posted May 7, 2014

The player alias script is failing from more or less injection. The person who wrote it is a moron.

'LinKin (Author)
Posted May 7, 2014

More or less injection? I get what an injection means (*). How could I avoid this in future scripts?

(*): Source: http://es.wikipedia.org/wiki/Inyecci%C3%B3n_SQL

Gallardo9944
Posted May 7, 2014

Injection means using custom code by abusing mistakes made by scripters. Avoiding it is simple: never do something with the "direct" text the player wrote. He can write a Lua script there by breaking out of your resource and do what he wants.

Woovie
Posted May 7, 2014

Such as if I made my nick 'for k,v in ipairs(getElementsByType("player")) do kickPlayer(v) end' which of course is too long, but I have managed to escape the code.
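
The advice in the replies above (never place the player's raw text into a statement), shown as an added example that is not part of any post in this thread and is not the compiled alias script: a server-side MTA Lua script that records aliases and supports both lookups from the first post, passing nick and serial only through `?` placeholders. The connection details, the table and column names and the two command names are assumptions.

```lua
-- Added example, server-side MTA Lua. Connection details, table, column and
-- command names are placeholders/assumptions, not from the original script.
local db = dbConnect("mysql", "dbname=mta;host=127.0.0.1", "dbuser", "dbpassword")

-- UNSAFE (for contrast only): the nick becomes part of the SQL text, so a nick
-- containing ' closes the string literal early and the statement breaks.
--   dbExec(db, "INSERT INTO aliases VALUES ('" .. serial .. "', '" .. nick .. "')")

if db then
    -- The symbols from the first post are plain ASCII; any charset stores them.
    dbExec(db, [[CREATE TABLE IF NOT EXISTS aliases (
        serial CHAR(32) NOT NULL,
        nick   VARCHAR(22) NOT NULL,
        PRIMARY KEY (serial, nick))]])
end

local function rememberAlias(player, nick)
    if not db then return end
    -- ? placeholders: MTA quotes and escapes each value, so the nick stays data.
    dbExec(db, "INSERT IGNORE INTO aliases (serial, nick) VALUES (?, ?)",
        getPlayerSerial(player), nick)
end

addEventHandler("onPlayerJoin", root, function()
    rememberAlias(source, getPlayerName(source))
end)
addEventHandler("onPlayerChangeNick", root, function(oldNick, newNick)
    rememberAlias(source, newNick)
end)

-- Shared lookup: run a parameterized SELECT and print one column of each row.
local function lookup(player, sql, value, column)
    if not db or not value then return end
    dbQuery(function(handle)
        local rows = dbPoll(handle, 0) or {}
        outputChatBox(#rows .. " result(s) for " .. value, player)
        for _, row in ipairs(rows) do
            outputChatBox("  " .. tostring(row[column]), player)
        end
    end, db, sql, value)
end

-- restricted = true: only players granted command.<name> in the ACL may use these.
addCommandHandler("nicksof", function(player, _, serial)
    lookup(player, "SELECT nick FROM aliases WHERE serial = ?", serial, "nick")
end, true)
addCommandHandler("serialsof", function(player, _, nick)
    lookup(player, "SELECT serial FROM aliases WHERE nick = ?", nick, "serial")
end, true)
```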