[Script Double Check] Is this SQL code look properly setup? - Developers

I've been into SQL for the past couple days with Garry's Mod. And I was wondering if this is how I would wanna do things. This is for a Level System I'm currently working on and I'm just wanting to see if I'm doing these methods properly. All help is appreciated! /* SQL Lines -------------------------------------------------------- UID is the self:SteamID64() -------------------------------------------------------- sql.Query("CREATE TABLE IF NOT EXISTS nlrp_levels(index INTEGER PRIMARY KEY, " .. "id64 INTEGER, xp INTEGER);" ) Update a Row = sql.Query( "UPDATE nlrp_levels SET xp = " .. self:GetLevel() .. " WHERE id64 = "..UID ); Make a Row = sql.Query("INSERT INTO nlrp_levels(id64, xp) VALUES (" .. UID .. ", 1)"); Delete a Row = sql.Query("DELETE FROM nlrp_levels WHERE id64 = ".. UID ); Select a Row = sql.QueryRow( "SELECT xp FROM nlrp_levels WHERE id64 = " .. UID .. ";" ) ---------------------------- Function Example(s) ---------------------------- local LS = sql.QueryRow( "SELECT xp FROM nlrp_levels WHERE id64 = " .. UID .. ";" ) if LS then local LevelVariable = LS.xp else sql.Query("INSERT INTO nlrp_levels(id64, xp) VALUES (" .. UID .. ", 1)"); end */

Usually you do the SQL as you go, but make sure you plan out the database first. For the code you posted, you could have used http://wiki.garrysmod.com/page/Player/SetPData instead. I've never used it myself but it looks much simpler than what you've done.

Nah man, SQL is better when it comes to Data. Thanks though. Don't think just because a one liner looks easy over multiple lines of code, it's the better solution to go with. SQL > PDiddy.. Oops I mean PData Thanks tho

I'm interested in SQL here, not PData. I'm aware of PData. Just.. stop lol

I'm not entire sure what's your question, you are free to build your SQL module whenever you want, that's the kind of stuff you can leave for later since you will see what do you really need

The statements look pretty good, I don't see issues with it. For the other question, I work on the core but with the SQL built in. If you know where the gamemode is going, I prefer working on the SQL while building the core because I consider the data saving a core part of a gamemode.

I'm just saying, you're storing steamids as primary keys twice in two separate tables with no relationship between them. Your data model doesn't make sense. If what you want is learn more about databases, nothing will help you more than reading up on relational database modelling. Being good with SQL won't help you if your database model is impossible to work with. I'm not trying to be mean, if you're just messing around to learn something you, that's awesome. I just want to make sure that you know it's not the best way to do things.

Always escape your strings - sql.SQLStr - , even if they come from predefined functions. What happens if this gets run somewhere, e.g. from a workshop addon? local plymeta = FindMetaTable( "Player" ) pl function plymeta:SteamID64() return "'69420'; DROP TABLE nlrp_levels; --" end Now you're running "UPDATE nlrp_levels SET xp = 420 WHERE id64 = '69420'; DROP TABLE nlrp_levels; --"

Why would anyone do this when they can just drop the table themselves? In order to do what you're showing, you need lua access on the server, which means you are already screwed. They can call sql.Query directly.

Whoops I need my coffee