SA-MP Forums Archive
Need help to block '\' and other characters - Printable Version

Need help to block '\' and other characters - Richie© - 28.04.2013

Title pretty much says it all.
I want to search users' input for several characters (\, /, ', ; , --) and block them, this to avoid SQL injection and other unwanted actions.

I tried this, but it gives an error. (possibly non terminated string)
pawn Code:
strfind(string,"\",true) != -1)
How to make it work and in the best possible way?


Re: Need help to block '\' and other characters - Kyle - 28.04.2013

Use: strfind(text, "\\", true);

or you could escape using the SQL Escape function.


Re: Need help to block '\' and other characters - Richie© - 28.04.2013

I real escape every string, but it was brought to my attention that I should have extra protection.
I figured out the problem and it's working now, but is there any better way to do this than using a bunch of strfind?


Re: Need help to block '\' and other characters - Richie© - 28.04.2013

I was told real escape was not enough and could be bypassed, and that I should check inputs for certain characters. I'm not the MySQL expert here, I'm just trying to protect against SQL injection from advice.


Re: Need help to block '\' and other characters - Scenario - 28.04.2013

I've tried injecting myself. It doesn't work.


Re: Need help to block '\' and other characters - Basssiiie - 28.04.2013

If you want to search for the backslash character, you might want to use this: (strfind(string,"\\",true) != -1)

This is because \ is used for several escape sequences. (Accessing special characters which aren't on your keyboard.)
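
An added example, not part of the original thread: one pass over the input that checks for every character listed in the first post, instead of one strfind call per character. FindBlockedChar is a hypothetical helper name, the OnPlayerText hook is only one possible place to call it, and the code assumes unpacked strings; it is meant as an extra layer on top of the escaping mentioned above, not a replacement for it.

```pawn
#include <a_samp>

// Hypothetical helper (not from the thread): returns the index of the first
// blocked character in input[], or -1 if none is found (same convention as strfind).
// Blocked set taken from the first post: \  /  '  ;  and the sequence --
stock FindBlockedChar(const input[])
{
    for (new i = 0; input[i] != '\0'; i++)
    {
        switch (input[i])
        {
            // The backslash and the single quote must themselves be escaped
            // in a Pawn character literal, as explained above.
            case '\\', '/', '\'', ';':
                return i;
            case '-':
            {
                // A single '-' is allowed; only "--" is blocked.
                // input[i + 1] is at worst the terminating '\0', so this stays in bounds.
                if (input[i + 1] == '-') return i;
            }
        }
    }
    return -1;
}

// Example call site (an assumption): reject chat text that contains a blocked character.
public OnPlayerText(playerid, text[])
{
    if (FindBlockedChar(text) != -1)
    {
        SendClientMessage(playerid, 0xFF0000FF, "Your message contains characters that are not allowed.");
        return 0; // returning 0 stops the message from being sent
    }
    return 1;
}
```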