Post: #3

(03-03-2014 12:02 AM)Avatar Wrote:  You better use mysql instead. Because HTML generator have you open to vulnerabilities. Then you can show your values with Php, Asp, whatever you like.

Also, in html generator dont take eval of values before showing html page. I mean think like that;

You want to show a value on html web page. So you assign var, for instance, as var.value = 5.

So put it on html page like %eval %var.value%%.

This should work if I dont remember wrongly. I used this 5-6 years ago.

Thanks Avatar,
I lack MySQL knowledge, so I would probably be risking my (future) users more. :/
I have seen many shards being MySQL injected, I don't know how that happens, but I'm trying to keep safe my own way.
Would love to use MySQL though.

Back to the subject, I haven't tried a VAR yet, but when I use %UID.MYUIDHERE.TAG% and this tag is a number, it doesn't seem to EVAL correctly.

I have tried:

%EVAL %UID.MYUIDHERE.TAG%% - This will show a zero% IIRC.

%EVAL UID.MYUIDHERE.TAG% - This will EVAL the UID number.

%EVAL %UID.MYUIDHERE.TAG% - This will show a zero only. I think it EVALs nothing.

When the tag is a player name, it works smooth, as I explained on the first post.

I haven't tried with a VAR, but I would love to see it working with the UID.

Any thoughts?

Thanks everyone!