Who wont this work? SQL Database - Developers

Who wont this work? SQL Database

3 replies, posted
In This Thread

Why wont this work? No error or nothing. It is a Rank system look over it and you will see. [lua] function sql_value_stats ( ply ) kills = sql.QueryValue("SELECT kills FROM player_stats WHERE unique_id = '"..ply:SteamID().."'") deaths = sql.QueryValue("SELECT deaths FROM player_stats WHERE unique_id = '"..ply:SteamID().."'") ply:SetNWString("unique_id", unique_id) ply:SetNWInt("kills", kills) ply:SetNWInt("deaths", deaths) ply:SetNWInt("points", points) end function saveStat ( ply ) unique_id = ply:GetNWString ("SteamID") kills = ply:GetNWInt("kills") deaths = ply:GetNWInt("deaths") sql.Query("UPDATE player_stats SET kills = "..kills..", deaths = "..deaths.." WHERE unique_id = '"..ply:SteamID().."'") print("[RANK] Stats Updated!") end hook.Add("DoPlayerDeath", "PlayerDied", saveStat) function tables_exist() if (sql.TableExists("player_stats")) then print("[RANK] Table already exists.\n") else if (!sql.TableExists("player_stats")) then query = "CREATE TABLE player_stats ( unique_id varchar(225), kills int, deaths int )" result = sql.Query(query) if (result) then print("[RANK] Player account created\n") sql_value_stats( ply ) else print("[RANK] An error occured\n") end else print("[RANK] An error occured") end end end function new_player( SteamID, ply ) steamID = SteamID sql.Query( "INSERT INTO player_stats (`unique_id`, `kills`, `deaths`)VALUES ('"..steamID.."', '0', '0')" ) ply:ChatPrint("You have had a [RANK] Account Made!") end function player_exists( ply ) steamID = ply:GetNWString("SteamID") result = sql.Query("SELECT unique_id, kills, deaths FROM player_stats WHERE unique_id = '"..steamID.."'") if (result) then sql_value_stats( ply ) else new_player( steamID, ply ) end end function Initialize() tables_exist() end hook.Add("DoPlayerDeath", "PlayerDied", function( ply, killer ) local deaths = ply:GetNWInt("deaths") or 0 ply:SetNWInt( "deaths", deaths + 1 ) if killer:IsPlayer() then local kills = killer:GetNWInt("kills") or 0 ply:SetNWInt( "kills", kills + 1 ) end ply:SetNWInt( "points", kills - deaths * 2 ) ply:ChatPrint("Your stats have been updated!") timer.Simple( 1, saveStats( ply ) ) end) function SayRank( ply, cmd, args ) local mykills = sql.Query("SELECT kills FROM player_stats WHERE unique_id = '"..ply:SteamID().."'") local mydeaths = sql.Query("SELECT deaths FROM player_stats WHERE unique_id = '"..ply:SteamID().."'") ply:ChatPrint( "You have "..mykills.." kills and "..mydeaths.." deaths." ) end concommand.Add("rank", SayRank) [/lua]

Issue: There is always danger when inserting arbitrary strings into a SQL database. For example, if the string was: [code]') DROP TABLE kills;[/code] Then when you tried to insert it into a database you would lose your data. However, string injections aren't specifically your problem here, but the issue is your string isn't properly formatted for SQL. Answer: when inserting a string into a SQL database, wrap it with [b][url=http://wiki.garrysmod.com/?title=Sql.SQLStr]Sql.SQLStr [img]http://wiki.garrysmod.com/favicon.ico[/img][/url][/b].

I just got an error. [lua] lua\autorun\server\main.lua:79: attempt to concatenate local 'mydeaths' (a boolean value) [/lua] Any clue why it is rendering as True or False?

Sorry, you need to Log In to post a reply to this thread.