[Discuss] MySql for 5165 !

03/30/2010 09:52 Paralyzer[GM]#1
Ok so on the [REL]ItemLock Saving/Loading we are going a bit off-topic so I made this topic

So far....

1. You're gonna need a $con connection and the correct MySql connection codes so ....

So far we have the code(s)

add in the Database.cs

Code:
using MySql.Data.MySqlClient;

public class Database
{
    // Connection settings; fill these in for your own server.
    public const string USER_NAME = "root";
    public static string PASSWORD = "";
    public const string SERVER = "";
    public const string DATA_BASE = "";

    // In the original post the "+ USER_NAME +" and "+ PASSWORD +" concatenations
    // on the next line were highlighted in red.
    static MySqlConnection conn = new MySqlConnection("Server=" + SERVER + ";Database='" + DATA_BASE + "';Username='" + USER_NAME + "';Password='" + PASSWORD + "'");
    static bool did = false;

    // Opens the shared connection on first use and returns it afterwards.
    public static MySqlConnection Connection
    {
        get
        {
            if (!did)
            { conn.Open(); did = true; conn.StateChange += new System.Data.StateChangeEventHandler(conn_StateChange); }
            return conn;
        }
    }

    // Recreates and reopens the connection when it is closed or broken.
    static void conn_StateChange(object sender, System.Data.StateChangeEventArgs e)
    {
        if (e.CurrentState == System.Data.ConnectionState.Closed || e.CurrentState == System.Data.ConnectionState.Broken)
        {
            conn.Dispose();
            conn = new MySqlConnection("Server=" + SERVER + ";Database='" + DATA_BASE + "';Username='" + USER_NAME + "';Password='" + PASSWORD + "'");
            conn.Open();
            conn.StateChange += new System.Data.StateChangeEventHandler(conn_StateChange);
        }
    }
}

HOWEVER the codes in red ARE very vulnerable!...careful with sql-injection guys... Thank you to whoever posted that

I will update this every 5 hours or so
03/30/2010 10:10 Korvacs#2
The username and password aren't vulnerable, since no one has access to it, injection occurs when you can pass a string to the database, so things like character names and server names are vulnerable, but only if you don't add protection against it.
03/30/2010 10:19 Paralyzer[GM]#3
=o /facepalm myself o.O ok well surely there are codes out there to protect character name(s) ? but surely do people's character names really matter ?

EDIT: Well I just upgraded to Windows 7 Ultimate ( activated ) and am just reinstalling C# and navicat/MySql along with the rikardo Updated so I can begin to work on the Mysql thing in about 30min

For the loading accounts in MySql can you still do that without changing the Character load or would I have to Change how everything loads ?
03/30/2010 10:55 Korvacs#4
Everything that previously loaded from a .ini file would need to be converted to load from SQL, you would also need to construct the entire database, tables, structures, from scratch, or write a fancy app to do it for you.
03/30/2010 11:02 Paralyzer[GM]#5
Well I am not using .ini I am using the Flat-File trying to make it MySql so erm for now can I not just make the account load from MySql ?

EDIT: Can I make everything load from MySql just not the NPC(s) ? also has anybody got a 5165.sql for me to use ? or can I use the CoEmu one ?
03/30/2010 11:05 .Ocularis#6
Yes.
03/30/2010 11:06 Korvacs#7
.ini is a type of flat-file database, I forgot that 5165 uses a binary flat-file system. But either way both are flat-file and both need to be fully converted to SQL.
03/30/2010 11:13 Paralyzer[GM]#8
I think I could use the CoEmu V2.sql as a base for it but is there NO way I can make Npc(s) stay in a .cs ?
03/30/2010 11:31 Korvacs#9
Of course you can do that o.O
03/30/2010 12:34 ChingChong23#10
Quote:
Originally Posted by Paralyzer[GM]
=o /facepalm myself o.O ok well surely there are codes out there to protect character name(s) ?
you could do checks yourself, or use prepared statements.
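The two protections mentioned in this post, shown side by side with the concatenated query they replace. This is an added example, not code from the thread or from the 5165 source; the `characters` table, its `Name` column, the `CharacterQueries` class and the name rule are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;
using MySql.Data.MySqlClient;

public static class CharacterQueries
{
    // "Do checks yourself": allow-list of letters, digits and a few symbols, 1-15 chars.
    // The exact rule is an assumption; match it to what the server accepts as a name.
    static readonly Regex ValidName = new Regex(@"\A[A-Za-z0-9_\[\]~.-]{1,15}\z");

    public static bool IsValidName(string name)
    {
        return name != null && ValidName.IsMatch(name);
    }

    // Vulnerable pattern: the name becomes part of the SQL text itself,
    // so a quote inside the name changes the structure of the query.
    public static string BuildUnsafeSql(string name)
    {
        return "SELECT * FROM characters WHERE Name='" + name + "'";
    }

    // Prepared-statement pattern: the SQL text is constant and the name
    // travels separately as the value of the @name parameter.
    public static MySqlCommand BuildSafeCommand(MySqlConnection conn, string name)
    {
        MySqlCommand cmd = new MySqlCommand("SELECT * FROM characters WHERE Name = @name", conn);
        cmd.Parameters.AddWithValue("@name", name);
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample names; the last one contains quotes.
        string[] names = { "Paralyzer[GM]", "~Falcon", "x' OR '1'='1" };
        foreach (string n in names)
        {
            Console.WriteLine("name:   " + n);
            Console.WriteLine("valid:  " + IsValidName(n));
            Console.WriteLine("unsafe: " + BuildUnsafeSql(n));
            // No connection is needed just to inspect the command, so null is passed here.
            MySqlCommand cmd = BuildSafeCommand(null, n);
            Console.WriteLine("safe:   " + cmd.CommandText + "  [@name = " + cmd.Parameters["@name"].Value + "]");
        }
    }
}
```

To run the safe query against the server, pass `Database.Connection` from the first post instead of `null` and call `ExecuteReader()` on the returned command.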
03/30/2010 13:02 Paralyzer[GM]#11
ah kool so all I have to do is leave the way NPC(s) load as they are even if accounts and everything else loads using MySql
03/30/2010 13:36 Korvacs#12
Indeed :)
04/01/2010 01:39 PeTe Ninja#13
ye I had my lotf 5017 using mysql for half and flat for the other.
04/01/2010 08:58 ~Falcon#14
Using features like MySqlCommandBuilder in C# helps prevent injection, considering those functions escape any dangerous characters :)
04/01/2010 17:13 12tails#15
lol... easy thing to do.... I have my 5165 source entire MySql system... I'll try to help out converting it : P