From 342a52f1def6b455fbb0aa1443c0e39d1c51322f Mon Sep 17 00:00:00 2001
From: DoganGFL <gfldogan@gmail.com>
Date: Thu, 3 Oct 2019 14:29:34 +0200
Subject: [PATCH] PlaytimeStats: 2 fixes

fix escaping names
declare index
---
 PlaytimeStats/scripting/PlaytimeStats.sp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/PlaytimeStats/scripting/PlaytimeStats.sp b/PlaytimeStats/scripting/PlaytimeStats.sp
index e4e2704c..588d1108 100644
--- a/PlaytimeStats/scripting/PlaytimeStats.sp
+++ b/PlaytimeStats/scripting/PlaytimeStats.sp
@@ -58,9 +58,14 @@ public void OnClientDisconnect(int client)
 	int iPlayTime = GetTime() - g_iConnectionTime[client];
 
 	int iAuthID = GetSteamAccountID(client);
+	
+	char sName[MAX_NAME_LENGTH];
+	GetClientName(client, sName, sizeof(sName));
+	char sSafeName[(2*MAX_NAME_LENGTH)+1];
+	g_hDatabase.Escape(sName, sSafeName, sizeof(sSafeName));
 
 	char sQuery[512];
-	Format(sQuery, sizeof(sQuery), "INSERT INTO playtime (auth,name,time) VALUES ('%d', '%N', '%d') ON DUPLICATE KEY UPDATE time=time+%d", iAuthID, client, iPlayTime, iPlayTime);
+	Format(sQuery, sizeof(sQuery), "INSERT INTO playtime (auth,name,time) VALUES ('%d', '%s', '%d') ON DUPLICATE KEY UPDATE time=time+%d", iAuthID, sSafeName, iPlayTime, iPlayTime);
 
 	g_hDatabase.Query(SQL_OnQueryCompleted, sQuery, _, DBPrio_Low);
 }
@@ -76,7 +81,7 @@ public void SQL_OnDatabaseConnect(Database db, const char[] error, any data)
 	g_hDatabase = db;
 
 	char sQuery[512];
-	Format(sQuery, sizeof(sQuery), "CREATE TABLE IF NOT EXISTS playtime (`auth` INTEGER, `name` varchar(128), `time` INTEGER, PRIMARY KEY (`auth`))");
+	Format(sQuery, sizeof(sQuery), "CREATE TABLE IF NOT EXISTS playtime (`auth` INTEGER, `name` varchar(128), `time` INTEGER, PRIMARY KEY (`auth`), INDEX (`time`))");
 
 	g_hDatabase.Query(SQL_OnQueryCompleted, sQuery, _, DBPrio_Low);
 }