hambeast
Well-Known Member
Actually, I think you don't even need the ?/[0]. That's just the way to substitute in variables in the hive call.
You could also do a direct
_sqlstring ="CHILD:999: select id from building WHERE class_name= 'barrack' AND id > 0";
Need to give that a try though.
Cheers, Sarge
Here's some food for thought. In PHP, MySQL injection is a big problem: users pass their own query in as data and force your server to execute it. One way to work around this is by using parameters in your query instead of just replacing a string value in the query itself (? vs %1 in this example). The engine (mysqli in my case) strips the values passed as parameters (?) of bad data and cleans it the best it can. I'm guessing (not 100%) that the Hive.dll is also doing some sort of cleaning of input data if it is passed as a param.
How much of a threat is injection in DayZ? Probably minimal at best, but who knows, with all the access that hackers have to execute code they desire.
I'll try to get my query working using your sample as a template. I think I owe you a beer if I get it working!
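The difference between substituting a value into the query string and binding it as a ? parameter, as an added example that is not part of the original posts and is not Hive.dll or mysqli code. It assumes Python's built-in sqlite3 as a stand-in database engine; the rows, the crafted value and the function names are constructed for illustration, and the table and column names follow the query in the thread.

```python
import sqlite3

# Constructed sample rows; table/column names follow the query in the thread.
ROWS = [(1, "barrack"), (2, "barrack"), (3, "hospital"),
        (4, "firestation"), (5, "medic's tent")]

# Constructed input: a value that carries SQL syntax of its own.
CRAFTED = "x' OR '1'='1"


def make_db():
    """In-memory stand-in for the game database (assumption: sqlite3)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE building (id INTEGER PRIMARY KEY, class_name TEXT)")
    db.executemany("INSERT INTO building (id, class_name) VALUES (?, ?)", ROWS)
    return db


def ids_by_substitution(db, class_name):
    """String substitution: the value becomes part of the SQL text itself."""
    sql = "SELECT id FROM building WHERE class_name = '%s' AND id > 0" % class_name
    return sorted(row[0] for row in db.execute(sql))


def ids_by_parameter(db, class_name):
    """Bound parameter: the SQL text is fixed and the value travels separately."""
    sql = "SELECT id FROM building WHERE class_name = ? AND id > 0"
    return sorted(row[0] for row in db.execute(sql, (class_name,)))


def substitution_breaks_on_quote(db):
    """A legitimate name containing an apostrophe breaks the substituted query."""
    try:
        ids_by_substitution(db, "medic's tent")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("substituted, normal value :", ids_by_substitution(db, "barrack"))
    print("substituted, crafted value:", ids_by_substitution(db, CRAFTED))
    print("bound, crafted value      :", ids_by_parameter(db, CRAFTED))
    print("bound, apostrophe value   :", ids_by_parameter(db, "medic's tent"))
    print("substitution syntax error :", substitution_breaks_on_quote(db))
```

With the bound parameter the crafted value is compared as a literal string and matches nothing, while the apostrophe in a legitimate name is stored and matched intact.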