• If you need help or want to discuss things, you now can also join us on our Discord Server!
  • A first preview of the unlimited version of SinusBot can be found in the Upcoming Changes thread. A version for Windows will follow, but we don't have a release date, yet.

EN Database via sinusbot code

Status
Not open for further replies.

Alkowskey

Member
Hey guys, i've got a little problem.
<code>if (dbc) dbc.exec("INSERT INTO TOP (Nick, Uid, Ilsoc_Polaczen) VALUES ('qwe', 'zcx', 2)");</code>
it works but i want to have a variables instead of 'qwe' 'zcx' and 2.
ive tried this
<code>if (dbc) dbc.exec("INSERT INTO TOP (Nick, Uid, Ilsoc_Polaczen) VALUES ("+Nick+","+Uid"," + Connection_count+")");</code>
but it didnt work. Thanks!
 

flyth

is reticulating splines
Staff member
Developer
Contributor
Never ever use variables directly in the query string, as it potentially leads to SQL injection. Instead, use something like that:
Code:
dbc.exec('INSERT INTO TOP (Nick, Uid, Ilsoc_Placzen) VALUES (?, ?, ?)', Nick, Uid, Connection_count);
 

kanalumaddela

Insider
Insider
Never ever use variables directly in the query string, as it potentially leads to SQL injection. Instead, use something like that:
Code:
dbc.exec('INSERT INTO TOP (Nick, Uid, Ilsoc_Placzen) VALUES (?, ?, ?)', Nick, Uid, Connection_count);
That's prepared statements, right? And the last 3 are the actual values in that statement (nick, uid, connection_count for the ex)?
 
Status
Not open for further replies.
Top