btk5h / skript-db

MIT License

Strange problem with execute. #3

Open SzymoonDev opened 6 years ago

SzymoonDev commented 6 years ago

Hi, before I start, I want to say that I tried everything to fix it, but Skript fooled me and I have no idea what's going on...

execute "SELECT * FROM playerdata WHERE playername = 'SzymoonPL';" in {mysql} and store the result in {_output::*}
set {_final} to {_output::playername::1}
broadcast "%{_final}%"

This code works correctly, but... when I replace my nickname with a variable, or type event-player or player, this code stops working.

execute "SELECT * FROM playerdata WHERE playername = '%{_p}%';" in {mysql} and store the result in {_output::*}
set {_final} to {_output::playername::1}
broadcast "%{_final}%"

In the first situation, the variable displays my name, but in the second, <none> still appears.

I don't know what happened, my brain exploded... If you still don't understand, I'll try to explain more. Hold on and Happy New Year :)

Snow-Pyon commented 6 years ago

Remove the single quotes around the variable, skript-db will handle that for you.

SzymoonDev commented 6 years ago

@Snow-Pyon still not working; this is not the problem.

SzymoonDev commented 6 years ago

Last sql error: Parameter index out of range (3 > number of parameters, which is 2). I don't understand this.

btk5h commented 6 years ago

What code are you using? Did you try

execute "SELECT * FROM playerdata WHERE playername = %{_p}%" in {mysql} and store the result in {_output::*}

SzymoonDev commented 6 years ago

Yes, I tried all the possibilities. Your code also isn't working. Still the same error: Parameter index out of range (3 > number of parameters, which is 2).

Maybe the error applies to this code:

execute "INSERT INTO playerdata(playername, registertime, lastlogintime, antybotstatus) VALUES (%{_p}%, null, null, false)" in {mysql}

Database structure: https://scr.hu/el1MJ0

I've used Skellett before, but on version 1.12.X Skellett's MySQL doesn't work. This code previously worked.

btk5h commented 6 years ago

Wait, does this mean you're not sure which line of code is causing this error?

SzymoonDev commented 6 years ago

I checked this. These two codes evoke this error. First, I ran the server without this code:

execute "SELECT * FROM playerdata WHERE playername = '%{_p}%';" in {mysql} and store the result in {_output::*}

The last sql error shows: Parameter index out of range (3 > number of parameters, which is 2).

Then I ran the server without this code:

execute "INSERT INTO playerdata(playername, registertime, lastlogintime, antybotstatus) VALUES (%{_p}%, null, null, false)" in {mysql}

The last sql error shows: Parameter index out of range (3 > number of parameters, which is 2).

I don't know what I'm doing wrong.

SzymoonDev commented 6 years ago

When will the problem be fixed?

SzymoonDev commented 6 years ago

execute "INSERT INTO playerdata(playername,registertime,lastlogintime,antybotstatus) VALUES ('SzymoonPL', 'null', 'null', false);" in {mysql}

This code works, but when I replace 'SzymoonPL' with, for example, '%{_p}%', the last sql error shows: Invalid argument value: java.io.NotSerializableException

Helomi commented 6 years ago

UP

gp-Airee commented 5 years ago

This is still a problem. In my case, running this yields the error:

execute "update purgatory set blocks=26 where uuid='%player's uuid%'" in {sql}

github-usrname commented 4 years ago

https://www.w3schools.com/sql/ Here you can learn WHY and HOW SQL works, OR https://www.php.net/manual/en/function.mysql-query.php

This is from the owners of MySQL and PHP. I understand that's way bigger than your plugin, but THIS IS REALLY an ISSUE. Everyone MUST USE >>> QUOTES in their arguments that they are trying to INSERT / UPDATE into MySQL. Without them this will result in NOTHING, literally. For example, try coding in Java without " STATIC VOID " OR " INCLUDE " && BRACKETS (you know [] {} () )

btk5h commented 4 years ago

@github-usrname This addon is a wrapper around Java's prepared statements. I understand that the semantics of how skript-db inlines parameters may be a bit confusing, but the goal is to ultimately prevent users from accidentally leaving themselves vulnerable to SQL injection attacks, which can happen when naively concatenating strings to form SQL queries.

You can already opt out of this behavior by using unsafe, but a major design goal of this addon is to be secure by default.
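The two points made in this thread, Snow-Pyon's "remove the single quotes around the variable" and btk5h's explanation that the addon is a wrapper around prepared statements, are the same mechanism seen from two sides. The following is an added example, not skript-db's code and not Skript syntax: it uses Python's standard sqlite3 module as a stand-in for the MySQL/JDBC prepared statements the addon wraps, with `?` playing the role that `%{_p}%` plays in a skript-db `execute` line. The `playerdata` table and its rows are constructed for the example; only the column names come from the thread.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the thread's MySQL 'playerdata' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE playerdata ("
        "playername TEXT, registertime TEXT, lastlogintime TEXT, antybotstatus INTEGER)"
    )
    # Sample rows (constructed); parameters are bound even for the seed data.
    conn.executemany(
        "INSERT INTO playerdata VALUES (?, ?, ?, ?)",
        [("SzymoonPL", None, None, 0), ("Helomi", None, None, 1)],
    )
    return conn


def lookup_quoted_placeholder(conn, name):
    """The mistake from the opening post: placeholder wrapped in single quotes.

    Inside quotes the '?' is a one-character string literal, not a parameter,
    so the statement declares 0 parameters while the caller supplies 1. The
    driver refuses the mismatch; MySQL's JDBC driver reports the same kind of
    mismatch as 'Parameter index out of range'.
    """
    try:
        conn.execute("SELECT * FROM playerdata WHERE playername = '?'", (name,))
        return "ok"
    except sqlite3.ProgrammingError as exc:
        return "error: " + str(exc)


def lookup_bound(conn, name):
    """The correct form: bare placeholder, value bound by the driver.

    The driver adds the quoting itself, and the value is only ever data,
    so quotes or SQL keywords inside it cannot change the query's structure.
    """
    cur = conn.execute(
        "SELECT playername FROM playerdata WHERE playername = ?", (name,)
    )
    return [row[0] for row in cur.fetchall()]


def lookup_concat(conn, name):
    """The pattern skript-db's design exists to prevent: value spliced into SQL text.

    Returns the matched names, or an error string when the spliced text breaks
    the statement (an apostrophe in a nickname is enough to do that).
    """
    try:
        cur = conn.execute(
            "SELECT playername FROM playerdata WHERE playername = '" + name + "'"
        )
        return [row[0] for row in cur.fetchall()]
    except sqlite3.Error as exc:
        return "error: " + str(exc)


if __name__ == "__main__":
    db = make_db()
    print(lookup_quoted_placeholder(db, "SzymoonPL"))   # binding-count error
    print(lookup_bound(db, "SzymoonPL"))                # ['SzymoonPL']
    print(lookup_bound(db, "x' OR '1'='1"))             # [] - treated as plain data
    print(lookup_concat(db, "x' OR '1'='1"))            # every row - structure altered
    print(lookup_concat(db, "O'Brien"))                 # syntax error from the apostrophe
    print(lookup_bound(db, "O'Brien"))                  # [] - apostrophe handled safely
```

The first call reproduces the opening post's failure mode: once the placeholder sits inside quotes, the parameter count the driver sees no longer matches what the caller supplies. The last two calls show why the addon inlines parameters this way rather than letting users concatenate: with binding, a value containing a quote or SQL text is matched literally against the column, whereas with concatenation it either breaks the statement or changes which rows the query returns.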

github-usrname commented 4 years ago

check your @mail

btk5h commented 4 years ago

@github-usrname, harassing me by email won't get you anywhere. If you want to have a civilized discussion, we can have one here or in a new issue. I'm not going to bother reading an angry comment left by someone who clearly doesn't want to cooperate.