
executeSQLQuery


HunT


Hi all. I never use this one :|

I am working on a new user panel and I want to make the Map Shop (no nextmap).

First, the wiki says: Please use executeSQLQuery instead.

Why?? Can't I use executeSQLCreateTable, executeSQLSelect, etc.?

Anyway, the table:

  
function theTable () 
    executeSQLCreateTable ( "mapOwner", "nameMap TEXT, ownerMap TEXT, priceMap INTEGER" )  
end 
addEventHandler ( "onResourceStart", getRootElement(), theTable ) -- other event 
  

The table is OK (maybe).

My question is: how can I get/set the parameters for editing?

Thanks

Link to comment

Sounds good, myonlake :wink:

Omg, after 45 min. I now know how it works (maybe).

Now I have made this:

  
local thisResourceRoot = getResourceRootElement(getThisResource())
addEventHandler("onResourceStart", thisResourceRoot,
    function()
        executeSQLQuery("CREATE TABLE IF NOT EXISTS OwnersMaps (nameMap TEXT, ownerMap TEXT, priceMap INTEGER)")
    end
)
addEvent("onMapStarting", true)
addEventHandler("onMapStarting", getRootElement(),
    function(mapInfo)
        local name = mapInfo.name or "Unknown"
        if name then
            local tableMap = executeSQLQuery("SELECT * FROM OwnersMaps WHERE nameMap = '" .. name .. "'")
            if not tableMap or #tableMap == 0 then
                executeSQLQuery("INSERT INTO OwnersMaps VALUES ('" .. name .. "','Waiting', 'Waiting')")
            end
        end
    end
)
  
 
Link to comment
  • Other Languages Moderators

It's better for you to do it like the examples in the wiki.

http://wiki.multitheftauto.com/wiki/ExecuteSQLQuery

Notice the lack of single quotes around the "?" in this example, even though it represents a string. executeSQLQuery will see that the playerName variable is a string and take care of the correct execution of the query by itself.

The advantage of using executeSQLQuery is that it is immune to users trying to exploit the query with an SQL injection attack. playerName may contain special characters like ', " or -- that will not influence the query, unlike the older approach where playerName would be concatenated into the query string.

Link to comment
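
The wiki advice quoted above, applied to the OwnersMaps table from this thread. This is an added example, not code from any poster or from the MTA wiki; it assumes a server-side script in an MTA resource, and getMapRecord and setMapOwner are hypothetical helper names.

```lua
-- Added example: every value reaches SQLite through a "?" placeholder,
-- so a map or player name is only ever data, never part of the SQL text.
addEventHandler("onResourceStart", resourceRoot, function()
    executeSQLQuery("CREATE TABLE IF NOT EXISTS OwnersMaps (nameMap TEXT, ownerMap TEXT, priceMap INTEGER)")
end)

-- Hypothetical helper: return the row for one map, or nil if it has none.
function getMapRecord(mapName)
    local rows = executeSQLQuery(
        "SELECT nameMap, ownerMap, priceMap FROM OwnersMaps WHERE nameMap = ?", mapName)
    if rows and #rows > 0 then
        return rows[1]
    end
    return nil
end

-- Hypothetical helper: set owner and price for a map (the "get/set" asked about).
-- Inputs are type-checked first; note there are no quotes around "?", even for strings.
function setMapOwner(mapName, ownerName, price)
    price = tonumber(price)
    if type(mapName) ~= "string" or type(ownerName) ~= "string" or not price or price < 0 then
        return false
    end
    price = math.floor(price) -- priceMap is declared INTEGER
    if getMapRecord(mapName) then
        executeSQLQuery("UPDATE OwnersMaps SET ownerMap = ?, priceMap = ? WHERE nameMap = ?",
            ownerName, price, mapName)
    else
        executeSQLQuery("INSERT INTO OwnersMaps (nameMap, ownerMap, priceMap) VALUES (?, ?, ?)",
            mapName, ownerName, price)
    end
    return true
end

addEvent("onMapStarting", true)
addEventHandler("onMapStarting", root, function(mapInfo)
    local name = (type(mapInfo) == "table" and mapInfo.name) or "Unknown"
    if not getMapRecord(name) then
        -- A name such as "Hunter's Race" (constructed sample) is stored verbatim.
        -- Assumption of this example: price 0 replaces the thread's 'Waiting' in the INTEGER column.
        executeSQLQuery("INSERT INTO OwnersMaps (nameMap, ownerMap, priceMap) VALUES (?, ?, ?)",
            name, "Waiting", 0)
    end
end)
```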
