SA-MP Forums Archive
Mysql escape string - Printable Version



Mysql escape string - DRIFT_HUNTER - 31.12.2011

I'm not sure how to use escape strings because I don't know the way they work.
So if someone can give me a CORRECT example and EXPLAIN SQL escape strings, I will be grateful.

Here is how I use them, but I don't think it's correct:
pawn Code:
new Query[128], QueryEsc[128];
format(Query, sizeof(Query), "SELECT * FROM `samp_users` WHERE `UserName`='%s' AND `Password`='%s'", UserNameString, PasswordString);
mysql_query(Query);
mysql_real_escape_string(Query, QueryEsc);
mysql_store_result();
if(mysql_num_rows())
{
    mysql_fetch_row_format(Query);
    printf("%s", Query);
}
Please do not try to help if you just THINK you know these. Thx


Re: Mysql escape string - Hiddos - 31.12.2011

Basically, escaping a string is used to prevent SQL injection by adding a backslash to SQL statements found in a string, so they will not interrupt the query. Your problem is that you escape the query, disabling ALL statements. You only need to escape the input.


Re: Mysql escape string - DRIFT_HUNTER - 31.12.2011

So in this case I only need to escape UserNameString and PasswordString?
pawn Code:
mysql_real_escape_string(UserNameString , UserNameStringEscape);
mysql_real_escape_string(PasswordString, PasswordStringEscape);
mysql_query(................
Is this right?


Re: Mysql escape string - Hiddos - 31.12.2011

Yerp (Don't forget to still format the query). AFAIK, you can escape a string to the same string, like:
pawn Code:
mysql_real_escape_string(UserNameString , UserNameString);
mysql_real_escape_string(PasswordString, PasswordString);



Re: Mysql escape string - DRIFT_HUNTER - 31.12.2011

Quote:
Originally Posted by Hiddos
Yerp (Don't forget to still format the query). AFAIK, you can escape a string to the same string, like:
pawn Code:
mysql_real_escape_string(UserNameString , UserNameString);
mysql_real_escape_string(PasswordString, PasswordString);
Thank you very much for helping me understand this.
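
What escaping changes in the query text, as an added example that is not part of the original thread and not the plugin's code: a Python model of the character map MySQL documents for its C API `mysql_real_escape_string()` in the default SQL mode, applied to the first post's query. It assumes the plugin's function follows the same rule; `escape`, `build_query`, `build_query_whole` and `literals` are hypothetical names, the scanner is simplified, and the input is constructed.

```python
# Added example: a model of the escaping rule, not the plugin's own code.
# The character map is the one documented for MySQL's C API function
# mysql_real_escape_string() in the default SQL mode.
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\x1a": "\\Z",
           "\\": "\\\\", "'": "\\'", '"': '\\"'}
UNESCAPES = {seq[1]: ch for ch, seq in ESCAPES.items()}

# Query text from the first post, with {} where the Pawn code has %s.
TEMPLATE = ("SELECT * FROM `samp_users` "
            "WHERE `UserName`='{}' AND `Password`='{}'")

def escape(value):
    """Put a backslash in front of each character that is special in a literal."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def build_query(user, password):
    """Escape each input on its own, then format it into the query."""
    return TEMPLATE.format(escape(user), escape(password))

def build_query_whole(user, password):
    """Format the raw input first, then escape the finished query."""
    return escape(TEMPLATE.format(user, password))

def literals(sql):
    """Return the '...' literals as a server would read them, or None when a
    literal is left unterminated (simplified scanner, constructed for this demo)."""
    out, cur, inside, i = [], [], False, 0
    while i < len(sql):
        ch = sql[i]
        if inside and ch == "\\" and i + 1 < len(sql):
            cur.append(UNESCAPES.get(sql[i + 1], sql[i + 1]))
            i += 2
            continue
        if ch == "'":
            if inside:
                out.append("".join(cur))
                cur = []
            inside = not inside
        elif inside:
            cur.append(ch)
        i += 1
    return None if inside else out

if __name__ == "__main__":
    user, password = "O'Brien", 'pa\\ss"1'   # constructed sample input
    print(build_query(user, password))
    print(literals(build_query(user, password)))        # the two inputs, intact
    print(literals(build_query_whole(user, password)))  # None: query is broken
```

Escaping each input keeps the query's own quotes as delimiters and the input as data; escaping the finished query backslashes the delimiters too, so no valid literal is left.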