• If you need help or want to discuss things, you now can also join us on our Discord Server!
  • A first preview of the unlimited version of SinusBot can be found in the Upcoming Changes thread. A version for Windows will follow, but we don't have a release date, yet.

EN Database via sinusbot code

Status
Not open for further replies.
A

Alkowskey

Member
Hey guys, i've got a little problem.
<code>if (dbc) dbc.exec("INSERT INTO TOP (Nick, Uid, Ilsoc_Polaczen) VALUES ('qwe', 'zcx', 2)");</code>
it works but i want to have a variables instead of 'qwe' 'zcx' and 2.
ive tried this
<code>if (dbc) dbc.exec("INSERT INTO TOP (Nick, Uid, Ilsoc_Polaczen) VALUES ("+Nick+","+Uid"," + Connection_count+")");</code>
but it didnt work. Thanks!
 
Never ever use variables directly in the query string, as it potentially leads to SQL injection. Instead, use something like that:
Code: 
dbc.exec('INSERT INTO TOP (Nick, Uid, Ilsoc_Placzen) VALUES (?, ?, ?)', Nick, Uid, Connection_count);
 
flyth said:
Never ever use variables directly in the query string, as it potentially leads to SQL injection. Instead, use something like that:
Code: 
dbc.exec('INSERT INTO TOP (Nick, Uid, Ilsoc_Placzen) VALUES (?, ?, ?)', Nick, Uid, Connection_count);
Click to expand...
That's prepared statements, right? And the last 3 are the actual values in that statement (nick, uid, connection_count for the ex)?
 
Status
Not open for further replies.
Back
Top Bottom