This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.

[Posting to Mysql Database] Cannot send serialized table

Started by Goof, 07 August 2014 - 05:41 PM
Goof #1
Posted 07 August 2014 - 07:41 PM
EDIT: This must've been some kind of typo, since everything works after a little rewrite. Thanks for reading.
Solved

Hello

I've lately run into a problem which I just can't figure out how to fix properly.

What I want to happen is sending 4 strings and 1 serialized table, to get set into a database row.
However, I've got a syntax error from the webpage saying:


You have an error in your SQL syntax: check the manual that corresponds to your MySQL server version for the right syntax to use near '"Hello"},'3')' at line 1
I have no idea what that "3" means, and I just can't remember how to post a string (which is a serialized table) into the post data.

Sending code:

  local saltString = '{"Hello"}'
  -- "dat" is a table defined earlier with data from a serialized file
  --print( saltString )
  http.request(
	Settings.ServerVerification .. '?' ..
	'VER=' .. ***** .. '&' .. -- *** is verification
	'TYPE=reg' .. '&' .. -- type reg is "Register"
	'Password=' .. dat[ 'Password' ] .. '&' ..
	'Salt=' .. saltString .. '&' ..
	'Tries=' .. dat[ 'TriesLeft' ]
  )

If nothing seems wrong with the code, then it may be the MySQL query:

$newResult = mysql_query("INSERT INTO $tablename (ComputerID, Password, Salt, Tries) VALUES ($comID, '$datPass', $datSalt, '$datTries')", $dbhandle) or die( mysql_error() );




Thanks in Advance


Best regards Mikk809h
Edited on 07 August 2014 - 09:18 PM
Alice #2
Posted 09 August 2014 - 01:25 AM
Something to remember: try to post questions in Ask a Pro rather than General.
MKlegoman357 #3
Posted 10 August 2014 - 08:17 PM
Don't know if you already did this, but if not, be aware! There are some SQL injection methods that you should be protecting against. Mainly, by converting the inputs (ComputerID, password, salt, etc.) or using other methods of passing those variables to the SQL statement. Some of the major SQL injection methods are described on the Wikipedia page.

EDIT: Also, validate the input. Remember that anyone who knows your site can make invalid requests, like giving a string ("troll" for example) instead of a computer ID, or not giving any parameters at all.
Edited on 10 August 2014 - 06:27 PM
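
Added example (not part of the original thread or any poster's code): one way to apply the advice in post #3 on the PHP side, validating the inputs and passing them as bound parameters instead of interpolating them into the SQL string. The `registrations` table name, the request parameter names and the length and range limits are assumptions, and an in-memory SQLite database stands in for MySQL so the snippet runs offline.

```php
<?php
// Added example, not code from the thread. Column names follow the query in
// post #1; the table name, parameter names and limits are assumptions.

// Validate raw request parameters (e.g. $_GET); throws on anything unexpected.
function validateRegistration(array $in): array
{
    foreach (['ComputerID', 'Password', 'Salt', 'Tries'] as $key) {
        // Rejects missing parameters and array-valued ones (Salt[]=x).
        if (!isset($in[$key]) || !is_string($in[$key])) {
            throw new InvalidArgumentException("missing or malformed parameter: $key");
        }
    }
    // FILTER_VALIDATE_INT returns false for "troll", "3abc" or "".
    $id    = filter_var($in['ComputerID'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $tries = filter_var($in['Tries'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 10]]);
    if ($id === false || $tries === false) {
        throw new InvalidArgumentException('ComputerID and Tries must be integers in range');
    }
    if (strlen($in['Password']) > 255 || strlen($in['Salt']) > 255) {
        throw new InvalidArgumentException('Password or Salt too long');
    }
    return [$id, $in['Password'], $in['Salt'], $tries];
}

// Insert with bound parameters: values never become part of the SQL text,
// so quotes or braces in Salt cannot break or alter the statement.
function registerComputer(PDO $db, array $in): void
{
    $stmt = $db->prepare(
        'INSERT INTO registrations (ComputerID, Password, Salt, Tries) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute(validateRegistration($in));
}

// In-memory SQLite stands in for MySQL here (assumption, needs pdo_sqlite).
// With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE registrations (ComputerID INTEGER, Password TEXT, Salt TEXT, Tries INTEGER)');

// Constructed sample requests: the serialized table from post #1, then a bad ID.
registerComputer($db, ['ComputerID' => '7', 'Password' => 'pw-hash', 'Salt' => '{"Hello"}', 'Tries' => '3']);
try {
    registerComputer($db, ['ComputerID' => 'troll', 'Password' => 'x', 'Salt' => 'y', 'Tries' => '3']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo 'stored Salt: ', $db->query('SELECT Salt FROM registrations')->fetchColumn(), "\n";
```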