[CODE] local steamid = LMMESTOREGetEscapedString(ply:SteamID64())
local key = LMMESTOREGetEscapedString(generateKey())[/CODE]
One gets the sense that you're just wildly applying things people tell you, and really don't understand the "why" behind some of the direction you're receiving. Otherwise, why else would you escape things that clearly don't need to be.....? I would suggest you try to understand the principles behind the direction, and not just regurgitate code.
Hey, you should maybe really re-think some parts of your code.
I don't think people here want to be especially rude to you; it is just that they don't want to spoon-feed you either.
You just need to "remember" that every client could be malicious; "simply" don't trust the client when it comes to critical data that could affect server stuff. Executing SQL queries on the client's demand isn't a good thing to do, especially if the input can be manipulated.
My best idea in terms of simplicity would be changing the way you update your data: stop executing SQL queries on the client's behalf, and maybe map NPC data to their objects or to IDs and let the client just tell which ID they're interacting with.
You should really understand that releasing something "to the public" should be done with some kind of care. I mean, imagine people using your addon, and then suddenly their whole server gets rekt by an exploit in your addon. Kind of embarrassing imo.
TL;DR
People are all awesome, and please try to [B]not[/B] trust the client in any case; instead try to change your code so it's not even using any or very little data from the client.
[QUOTE=Buzzkill_HABB;50410546][CODE] local steamid = LMMESTOREGetEscapedString(ply:SteamID64())
local key = LMMESTOREGetEscapedString(generateKey())[/CODE]
One gets the sense that you're just wildly applying things people tell you, and really don't understand the "why" behind some of the direction you're receiving. Otherwise, why else would you escape things that clearly don't need to be.....? I would suggest you try to understand the principles behind the direction, and not just regurgitate code.[/QUOTE]
I just ran through all the locals just to make sure I understand what it means...
[editline]29th May 2016[/editline]
[QUOTE=Fannney';50411103]Hey, you should maybe really re-think some parts of your code.
I don't think people here want to be especially rude to you; it is just that they don't want to spoon-feed you either.
You just need to "remember" that every client could be malicious; "simply" don't trust the client when it comes to critical data that could affect server stuff. Executing SQL queries on the client's demand isn't a good thing to do, especially if the input can be manipulated.
My best idea in terms of simplicity would be changing the way you update your data: stop executing SQL queries on the client's behalf, and maybe map NPC data to their objects or to IDs and let the client just tell which ID they're interacting with.
You should really understand that releasing something "to the public" should be done with some kind of care. I mean, imagine people using your addon, and then suddenly their whole server gets rekt by an exploit in your addon. Kind of embarrassing imo.
TL;DR
People are all awesome, and please try to [B]not[/B] trust the client in any case; instead try to change your code so it's not even using any or very little data from the client.[/QUOTE]
Thank you for taking the time to write something that will actually mean something to me. I will make sure to look over everything, as this thread has taught me a lot. Thanks again, and if you check my last addon you will be impressed :) Thanks!
Could you make this work with nutscript? Thanks. (Possibly the GUI too?)
[QUOTE=Segecos;50436732]Could you make this work with nutscript? Thanks. (Possibly the GUI too?)[/QUOTE]
I have never worked with nut script, but I can look into it.
Here's another example of how you could very easily escape queries; don't think I've seen this one.
[CODE]function db_addlog(msg,type)
query([[
INSERT INTO MWG_LOGS(Type,Log)
VALUES (]]..type..[[,']]..sql.SQLStr(msg,1)..[[');
]])
end[/CODE]
[QUOTE=timmybo5;50470161]Here's another example of how you could very easily escape queries; don't think I've seen this one.
[CODE]function db_addlog(msg,type)
query([[
INSERT INTO MWG_LOGS(Type,Log)
VALUES (]]..type..[[,']]..sql.SQLStr(msg,1)..[[');
]])
end[/CODE][/QUOTE]
Does that work for what I need because I think someone mentioned that before but said never mind...
yup, should work
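The advice given in this thread (let the client send only an ID, look everything else up on the server, and escape only the values that really are strings), sketched as an added example that is not code from any poster or from the addon. The table name `store_purchases`, the `ITEMS` catalogue and `buildPurchaseQuery` are hypothetical, and the `SQLStr` fallback is a stand-in so the snippet also runs in plain Lua outside Garry's Mod.

```lua
-- Added example, not from the thread. All table, item and function names are hypothetical.
-- In Garry's Mod sql.SQLStr is the real escaper; the fallback is a stand-in for plain Lua.
local SQLStr = (sql and sql.SQLStr) or function(s, noQuotes)
    local esc = tostring(s):gsub("'", "''")      -- double single quotes, SQLite style
    return noQuotes and esc or ("'" .. esc .. "'")
end

-- Server-owned catalogue: names and prices never come from the client.
local ITEMS = {
    [1] = { name = "Medkit",       price = 250 },
    [2] = { name = "Bob's Armour", price = 900 },
}

-- Returns the SQL for a purchase, or nil plus a reason when the request is rejected.
-- steamid64 is taken server-side from the player object (ply:SteamID64()),
-- rawItemId is the only value that came from the client.
local function buildPurchaseQuery(steamid64, rawItemId)
    local id = tonumber(rawItemId)               -- "1; DROP TABLE x" becomes nil
    if not id or id % 1 ~= 0 then return nil, "item id is not an integer" end
    local item = ITEMS[id]
    if not item then return nil, "unknown item id" end
    -- Server-generated and digits only, so it is checked rather than escaped.
    if not tostring(steamid64):match("^%d+$") then return nil, "bad steamid" end
    -- Numbers are emitted with %d; the one free-form string goes through the escaper.
    return string.format(
        "INSERT INTO store_purchases(steamid, item, price) VALUES ('%s', %s, %d);",
        steamid64, SQLStr(item.name), item.price)
end

-- Constructed inputs: one honest request and two tampered ones.
for _, raw in ipairs({ "2", "1; DROP TABLE store_purchases", "99" }) do
    local q, err = buildPurchaseQuery("76561198000000000", raw)
    print(raw, "->", q or ("rejected: " .. err))
end
```

In a real addon the returned string would be passed to the database call only when it is non-nil, and the rejection reason logged server-side.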