SA-MP Forums Archive
Where to use mysql_real_escape_string - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Where to use mysql_real_escape_string (/showthread.php?tid=446040)



Where to use mysql_real_escape_string - amit133 - 24.06.2013

Hello,
I started to change my mode to using MySQL .
But I don't understand where to use the func - mysql_real_escape_string
Everytime when player text(onplayertext,dialogs,onplayercommandtext)
Or only when we take a input to mysql from the player?


Re: Where to use mysql_real_escape_string - rappy93 - 24.06.2013

Well...whenever I want to store some player data in my mysql I use the "INSERT INTO" function...I'm more accustomed to it as for that function I am not really sure where to use it.


Re: Where to use mysql_real_escape_string - iJumbo - 24.06.2013

mysql_real_escape_string is a function for avoid SQL injection http://it.wikipedia.org/wiki/SQL_injection

You have to use it when a player input a text directly to a query

EXAMPLE:

pawn Code:
new escapedtext[128];
mysql_real_escape_string(inputfromplayer, escapedtext);
myquerywithformat("INSERT INTO something (yea) VALUES('%s')",escapedtext);



Re: Where to use mysql_real_escape_string - PaulDinam - 24.06.2013

Usefull stock:
instead of typing mysql_real_escape_string all the time
pawn Code:
stock EscapeString(const string[])
{
    new escpass[128];
    mysql_real_escape_string(string, escpass);
    return escpass;
}



Re: Where to use mysql_real_escape_string - Vince - 24.06.2013



Just like people who use SCM for SendClientMessage. Just type it out already.


Re: Where to use mysql_real_escape_string - iJumbo - 24.06.2013

Actually write SendClientMessage is more faster than SCM, the S and C are to close, and my fingers are like "aaargh"


Re: Where to use mysql_real_escape_string - amit133 - 24.06.2013

So InPlayerText I don;t need to put this?
cuz in wiki samp theri example are in OnPlayerText


Re: Where to use mysql_real_escape_string - iJumbo - 24.06.2013

If you send a query with the player text yea you do