egghelp/eggheads community

SQL error

2007-03-24T14:20:30-04:00

I had fix that and it keep dont work.
I think that can be of the connection to the database, how can i check if the egg is connecting without errors?

Statistics: Posted by kwnds — Sat Mar 24, 2007 2:20 pm

SQL error

2007-03-24T13:36:04-04:00

Seems like you're missing a ' in this line (right after $password):

Code:

set sql "INSERT INTO info (username, password) VALUES ('$nick','$password)"

Statistics: Posted by nml375 — Sat Mar 24, 2007 1:36 pm

SQL error

2007-03-24T13:04:22-04:00

Where is the error on this code?

Code:

bind msg - auth catch:infopackage ifneeded mysqltcl 3.02 [list loadmysqltcl usr\home\dekapa\eggdrops\lib] proc catch:info {nick uhost hand arg} {set username [lindex [split $arg] 0]set password [lindex [split $arg] 1]set db_handle [mysqlconnect -host www.lusopixel.com -user kwnds -password my-password -db kwnds_info]set sql "INSERT INTO info (username, password) VALUES ('$nick','$password)"set result [mysqlexec $db_handle $sql]if {$result != 1} {putlog "SQL - Error"} else { puthelp "PRIVMSG $nick: Username added to db"}}

The password will be: a-z. 1-9, _ and -
Thanks

Statistics: Posted by kwnds — Sat Mar 24, 2007 1:04 pm

SQL error

2007-03-24T11:13:22-04:00

first off, you should hash the passwords in your DB ^-^.

I wonder why you post your PHP SQL query, if you take a little diffrent way to match the passwords. You compare the password in PHP on the script side and in TCL on the SQL side. Also your TCL variant doesn't seem to use proper escaping to prevent SQL injection. In the case you match against a md5 hashed checksum you can forget about SQL injection, because a md5 hash will never be able to have characters you didn't expect . But beware, PHP and eggdrop might not return the same md5 hash .

The only guess I have is let you write the content of $_POST to a file and open it with a text editor (try to load the file as binary, not ASCII). Maybe it doesn't contain what you expected it does. It could also be a character encoding/recoding issue. Since POST data can have it's own character encoding it might also not have the same bytes as the bot receives (which simply uses iso-8859-1 with no recoding by default). You can exclude this stuff, if your password consits of only alpha-numeric characters.

Statistics: Posted by De Kus — Sat Mar 24, 2007 11:13 am

SQL error

2007-03-22T18:33:43-04:00

I have on code on php that connect to a mysql database and check if the username and password are correct and that code works fine.
The code of php is this:

Code:

$connect_db $banco = mysql_select_db('$bd_name');        $username= $_POST['username'];    $q_user = mysql_query("SELECT * FROM info WHERE username='$username'");     if(mysql_num_rows($q_user) == 1) {           $query = mysql_query("SELECT * FROM info WHERE username='$username'");        $dados = mysql_fetch_array($query);        if($_POST['password'] == $dados['password']) {            session_register("username");

And now i want to creat a tcl code that make the same effect that this does, but, i make /msg eggdrop-name auth username login and he check if its correct or no.
The code of tcl is this:

Code:

bind msg - auth catch:infoproc catch:info {nick uhost hand arg} {set username [lindex [split $arg] 0]set password [lindex [split $arg] 1]set db [mysqlconnect -host www.lusopixel.com -user kwnds -password bmy-password -db kwnds]set resultado "SELECT * FROM info WHERE username='$username'"set linhas mysql_num_rows($resultado)if {$linhas == "0"} {putquick "privmsg $nick : Username wrong"} else {set resultado1 "select * from info where password = '$password'"set linhas1 mysql_num_rows($resultado1);if {$linhas1 == "0"} {putquick "privmsg $nick :Username wrong"} else {putquick "privmsg $nick :Username and Password correct"}}}

But this code isnt working.
The hostname of my database is diferent of the hostname of my shell.
If someone want to try to fix this error, i give the information of the hosting of my database for he try to fix this on PM.
Thanks

Statistics: Posted by kwnds — Thu Mar 22, 2007 6:33 pm