Hello, I have a problem that confused a few of my friends when they tried to solve it.
I honestly am clueless why this will simply not work.
[code]
sql.Query("UPDATE player_characters SET char_crafting_skill="..c..", char_stamina_skill="..st..", char_firearms_skill="..f..",char_melee_skill="..m..", char_strength_skill="..sex..", char_crafting_prog="..cp..", char_stamina_prog="..stp..", char_firearms_prog="..fp..", char_melee_prog="..mp..", char_strength_prog="..sexp..", char_model="..ply:GetModel().." WHERE unique_id='"..ply:SteamID().."' AND char_id='"..ply:GetNWString("Character:ID").."'")
[/code]
I have already checked the values and the table name and they are all correct.
Help with this would be appreciated.
Try printing it out ( set it as a var ) and pasting it into phpmyadmin. See if there's an error or not? Also, escape the values!
[QUOTE=Acecool;46854588]Try printing it out ( set it as a var ) and pasting it into phpmyadmin. See if there's an error or not? Also, escape the values![/QUOTE]
I did:
[code]
-- sql.Query returns false on an error and nil when the query returns no rows (e.g. UPDATE)
if result == false then
    print("SQL ERROR: Updating player info\n")
    print(sql.LastError())
else
    print("Works?")
end
[/code]
and got:
no such column: models
SQL ERROR: Updating player info
[editline]4th January 2015[/editline]
I got rid of:
char_model="..ply:GetModel().."
and it worked.
Any idea what's wrong with that?
Always use sql.SQLStr around user input. For example,
[lua]".. sql.SQLStr( ply:GetModel() ) .."[/lua]
[QUOTE=Author.;46854699]Always use sql.SQLStr around user input. For example,
[lua]".. sql.SQLStr( ply:GetModel() ) .."[/lua][/QUOTE]
I was planning to do that after a friend let me know. I just thought about getting it to actually save first. Ah what the hell, I'll try that now.
[editline]4th January 2015[/editline]
[QUOTE=Author.;46854699]Always use sql.SQLStr around user input. For example,
[lua]".. sql.SQLStr( ply:GetModel() ) .."[/lua][/QUOTE]
Oh, it worked. Cheers, also thanks to Acecool too. He told me yesterday but I didn't really know the error then. BTW, do I have to use that when it checks for stuff, e.g.:
[code]
WHERE unique_id='"..ply:SteamID().."' AND char_id='"..ply:GetNWString("Character:ID").."'
[/code]
Yes, because SQL is a programming language which also uses quotes. Without the quotes, you would most likely end up in errors. Also, sql.SQLStr doesn't only put quotes around the text, but it is for security reasons as well.
[QUOTE=Author.;46854913]Yes, because SQL is a programming language which also uses quotes. Without the quotes, you would most likely end up in errors. Also, sql.SQLStr doesn't only put quotes around the text, but it is for security reasons as well.[/QUOTE]
Yeah, been quite new to SQL. Fixed up my errors. Thanks :D
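Added example, not code from any poster in this thread: a small query builder that passes every string value through sql.SQLStr, which is what fixes the "no such column: models" error and covers the WHERE values too. `literal`, `buildUpdate` and the sample values are hypothetical, and the fallback quoting function is an assumed stand-in so the block also runs in plain Lua outside Garry's Mod.

```lua
-- Use the real sql.SQLStr inside Garry's Mod; outside it, fall back to an
-- assumed stand-in that doubles single quotes and wraps the value in quotes.
local SQLStr = (sql and sql.SQLStr) or function(s)
    return "'" .. tostring(s):gsub("'", "''") .. "'"
end

-- Lua numbers are written as-is; every other value becomes a quoted, escaped string.
local function literal(v)
    if type(v) == "number" then return tostring(v) end
    return SQLStr(v)
end

-- Hypothetical helper. Table and column names must be constants from your own
-- code (never player input); only the values are escaped.
local function buildUpdate(tbl, set, where)
    local function join(t, sep)
        local keys, parts = {}, {}
        for k in pairs(t) do keys[#keys + 1] = k end
        table.sort(keys) -- stable column order
        for _, k in ipairs(keys) do
            parts[#parts + 1] = k .. "=" .. literal(t[k])
        end
        return table.concat(parts, sep)
    end
    return "UPDATE " .. tbl .. " SET " .. join(set, ", ")
        .. " WHERE " .. join(where, " AND ")
end

-- Constructed sample values standing in for ply:GetModel(), ply:SteamID()
-- and ply:GetNWString("Character:ID").
local model, steamId, charId = "models/player/kleiner.mdl", "STEAM_0:1:12345", "a'b"

-- Pattern from the first post: the model path is not quoted, so SQLite reads it
-- as the expression models / player / kleiner.mdl ("no such column: models"),
-- and the quote inside charId closes the hand-written '...' early.
print("UPDATE player_characters SET char_model=" .. model
    .. " WHERE unique_id='" .. steamId .. "' AND char_id='" .. charId .. "'")

-- Escaped version: every string value is one SQL literal, SET and WHERE alike.
print(buildUpdate("player_characters",
    { char_model = model, char_crafting_skill = 5 },
    { unique_id = steamId, char_id = charId }))
```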