Graal Forums

Graal Forums (https://forums.graalonline.com/forums/index.php)
-   Code Gallery (https://forums.graalonline.com/forums/forumdisplay.php?f=179)
-   -   Custom SQL Functions (https://forums.graalonline.com/forums/showthread.php?t=74049)

Rapidwolve 05-19-2007 01:45 AM
Custom SQL Functions
 
PHP-File [sql.php]:
PHP Code:
<?php

$mysql_host $_GET['host'];
$mysql_username $_GET['user'];
$mysql_password $_GET['pass'];
$mysql_db $_GET['db'];
$mysql_query stripslashes($_GET['query']);

$SQLConnect mysql_connect($mysql_host$mysql_username$mysql_password);

if (!$SQLConnect)
{
  die ('Could not connect:' mysql_error());
}

mysql_selectdb($mysql_db$SQLConnect);

$SQLQuery mysql_query($mysql_query);

if (!$SQLQuery)
{
  die ('Could not follow through with query: ' mysql_error());
}

  echo('Query Succesful: ' $mysql_query);

  mysql_close($SQLConnect);

?>
Class [sql_settings]:
PHP Code:
/*
DEFAULT SETTINGS FOR mySQL
*/
function onCreated()
{
  this.sql = new TStaticVar();
  this.sql.connectfile "http://site.tld/dir/to/sql.php"// Directory of: sql.php
  this.sql.host "localhost"// Your SQL host [Usually 'localhost']
  this.sql.db ""// The database you wish to work with
  this.sql.username ""// The SQL-DB username
  this.sql.password ""// The SQL-DB password

Class [sql_functions]:
PHP Code:
function SQL_Update(tablefieldnewvaluerowvalue)
{
  temp.query format("UPDATE `%s` SET `%s` = '%s' WHERE `%s` = %s"temp.tabletemp.fieldtemp.newvaluetemp.rowtemp.value);
  return temp.query;
}

function SQL_Delete(tablefieldvalue)
{
  temp.query format("DELETE FROM `%s` WHERE `%s` = '%s';"temp.tabletemp.fieldtemp.value);
  return temp.query;
}

function SQL_Insert(tablefieldvalue)
{
  if ((temp.field.size() == temp.value.size()) && temp.field.size() > 1)
  {
    temp.query format("INSERT INTO `%s` ("temp.table);
    
    for (0temp.field.size(); ++)
    {
      temp.query @= "`" temp.field[i] @ "`";
      if (temp.field.size()-1)
        temp.query @= " , ";
    }
    
    temp.query @= ") VALUES (";
    
    for (0temp.value.size(); j++)
    {
      temp.query @= "'" temp.value[j] @ "'";
      if (temp.value.size()-1)
        temp.query @= " , ";
    }
    
    temp.query @= ");";
    return temp.query;
    
  } else {
    temp.query format("INSERT INTO `%s` (`%s`) VALUES ('%s')"temp.tabletemp.fieldtemp.value);
    return temp.query;
  }
}

function RequestSQL(hostusernamepasswordquery)
{
  temp.url format("%s?host=%s&user=%s&pass=%s&db=%s&query=%s"this.sql.connectfilethis.sql.hostthis.sql.usernamethis.sql.passwordthis.sql.dbtemp.query);
  temp.req requesturl(temp.url);
  this.catchevent(temp.req"onReceiveData""onSQLReceived");
}


function onSQLReceived(page)
{
  temp.returnData page.data[0];
  for (pallplayers)
  {
    if (== "rapidwolve")    // RC Player
      p.sendpm(temp.returnData);
  }

------------

Example DB-NPC [SQL]:
PHP Code:
/*
  This is an example assuming our SQL settings class is configured properly.
*/

function onCreated()
{
  this.join("sql_settings");
  this.join("sql_functions");
  RegisterMember("rapidwolve""[email protected]");
}

function RegisterMember(memberemail)
{
  temp.query SQL_Insert("members", {"Account""Email"}, {temp.membertemp.email});
  RequestSQL(this.sql.hostthis.sql.usernamethis.sql.passwordtemp.query);


xXziroXx 05-19-2007 02:02 AM
Nice!

JkWhoSaysNi 05-19-2007 02:08 AM
Nice work,
I suggest you put the SQL connection details in the PHP script though. That way you can safely use the script clientside without worrying about people getting your DB info.

If you're only using it serverside you should check the IP and user agent of the connecting machine to increase security theres an example here: http://forums.graalonline.com/forums...&highlight=php

Rapidwolve 05-19-2007 02:57 AM
Okay added a new function and replaced an old one.
PHP Code:
RequestSQL(hostusernamepasswordquery); 
is now

PHP Code:
RequestSQL2(hostusernamepassworddbquery); 
and the new RequestSQL is:

PHP Code:
RequestSQL(query); 
Uses default SQL settings.

-------------------

Updated Class [sql_functions]:
PHP Code:
/*
      CREATED BY RAPIDWOLVE
*/
function SQL_Update(tablefieldnewvaluerow)
{
  temp.query format("UPDATE `%s` SET `%s` = '%s' WHERE `ID` = %s"temp.tabletemp.fieldtemp.newvaluetemp.row);
  return temp.query;
}

function SQL_Delete(tablefieldvalue)
{
  temp.query format("DELETE FROM `%s` WHERE `%s` = '%s';"temp.tabletemp.fieldtemp.value);
  return temp.query;
}

function SQL_Insert(tablefieldvalue)
{
  if ((temp.field.size() == temp.value.size()) && temp.field.size() > 1)
  {
    temp.query format("INSERT INTO `%s` ("temp.table);
    
    for (0temp.field.size(); ++)
    {
      temp.query @= "`" temp.field[i] @ "`";
      if (temp.field.size()-1)
        temp.query @= " , ";
    }
    
    temp.query @= ") VALUES (";
    
    for (0temp.value.size(); j++)
    {
      temp.query @= "'" temp.value[j] @ "'";
      if (temp.value.size()-1)
        temp.query @= " , ";
    }
    
    temp.query @= ");";
    return temp.query;
    
  } else {
    temp.query format("INSERT INTO `%s` (`%s`) VALUES ('%s')"temp.tabletemp.fieldtemp.value);
    return temp.query;
  }
}

function RequestSQL(query)
{
  temp.url format("%s?host=%s&user=%s&pass=%s&db=%s&query=%s"this.sql.connectfilethis.sql.hostthis.sql.usernamethis.sql.passwordthis.sql.dbtemp.query);
  temp.req requesturl(temp.url);
  this.catchevent(temp.req"onReceiveData""onSQLReceived");
}

function RequestSQL2(hostusernamepassworddbquery)
{
  temp.url format("%s?host=%s&user=%s&pass=%s&db=%s&query=%s"this.sql.connectfiletemp.hosttemp.usernametemp.passwordtemp.dbtemp.query);
  temp.req requesturl(temp.url);
  this.catchevent(temp.req"onReceiveData""onSQLReceived");
}

function onSQLReceived(page)
{
  temp.returnData page.data[0];
  for (pallplayers)
  {
    if (== "rapidwolve")    // RC Player
      p.sendpm(temp.returnData);
  }

-----------------

Quote:
Originally Posted by JkWhoSaysNi
I suggest you put the SQL connection details in the PHP script though. That way you can safely use the script clientside without worrying about people getting your DB info.
Will probobly make it like that once im done with all the SQL format functions, thanks for the advice.

Twinny 05-19-2007 05:13 AM
Stefan will (HOPEFULLY) be releasing serverside sockets soon to developers. These sockets will need available ips added so as to protect against DoS attacks and such. Once they come out, stuff like this will be so much easier :D.


All times are GMT +2. The time now is 01:26 PM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2025, vBulletin Solutions Inc.
Copyright (C) 1998-2019 Toonslab All Rights Reserved.