08-18-2015, 04:26 PM
Nice first plugin.
As NiLSPACE already noted, it is somewhat vulnerable to SQL injection, but I don't agree with his solution. You should instead use prepared statements to insert values into the DB:
```lua
-- Compile the statement once with placeholders; the values are bound afterwards
-- and are never parsed as SQL, so quotes in the message cannot alter the query.
local stmt = LOG_DB:prepare("INSERT INTO data (login, message, date) VALUES (?, ?, ?)")
stmt:bind_values(Player:GetName(), Message, os.time())
stmt:step()      -- runs the INSERT (lsqlite3 statements have step(), not execute())
stmt:finalize()  -- release the compiled statement
```
This way the code is clean from any SQL injections and the actual statement is even a bit easier to read.
I'd suggest you don't use the ON_EXECUTE_COMMAND hook, but rather register your command in the regular way, using cPluginManager:BindCommand(), or even better, using the Info.lua file. See here for details: http://luaapi.cuberite.org/InfoFile.html
That way your command gets shown in the help and the server checks that only one plugin registers your command - the admins get a warning message if two plugins try to register the "logger" command.
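As an added illustration (not code from the original post or from Cuberite), here is the string-concatenated INSERT beside the prepared-statement version, run against an in-memory SQLite database; it assumes the lsqlite3 binding that Cuberite bundles, loaded with require() when run stand-alone, and uses a constructed login and message.

```lua
-- Added example, not part of the original post. Assumes lsqlite3 (bundled by
-- Cuberite as the global `sqlite3`; stand-alone Lua loads it via require).
local sqlite3 = sqlite3 or require("lsqlite3")

local db = sqlite3.open_memory()
db:exec("CREATE TABLE data (login TEXT, message TEXT, date INTEGER)")

-- Vulnerable form: the message is spliced into the SQL text, so any quote
-- inside it becomes part of the statement instead of part of the data.
local function logUnsafe(login, message)
  local sql = "INSERT INTO data (login, message, date) VALUES ('" ..
    login .. "', '" .. message .. "', " .. os.time() .. ")"
  return db:exec(sql) == sqlite3.OK
end

-- Safe form: compiled once with placeholders, values bound per call.
-- reset() lets the same compiled statement be reused for every log line.
local stmt = db:prepare("INSERT INTO data (login, message, date) VALUES (?, ?, ?)")
local function logSafe(login, message)
  stmt:reset()
  stmt:bind_values(login, message, os.time())
  return stmt:step() == sqlite3.DONE
end

local function countRows()
  for n in db:urows("SELECT COUNT(*) FROM data") do return n end
end

-- Constructed sample input: a plain apostrophe is enough to make the
-- concatenated statement fail to parse, while the bound version stores
-- the text exactly as typed.
local login, message = "Alice", "I'm here"
print("concatenated insert succeeded:", logUnsafe(login, message))
print("prepared insert succeeded:", logSafe(login, message))
for l, m in db:urows("SELECT login, message FROM data") do
  print("stored row:", l, m)
end
print("rows in table:", countRows())

stmt:finalize()
db:close()
```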