SA-MP Forums Archive
When do I need to escape strings in mysql? - Printable Version




When do I need to escape strings in mysql? - 101 - 30.06.2013

So I might move to mysql for my server. When do I need to escape the string? Only on logging in, password I mean or everywhere? Considering the rest of the data would be stored in enums and saved (read) from enums.


Re: When do I need to escape strings in mysql? - IstuntmanI - 30.06.2013

When some values that can be written by players are inserted (not player names). In things which can contain ' and ` characters.


Re: When do I need to escape strings in mysql? - Scottas - 30.06.2013

You should escape any string that a user (a player on your server) may enter, to prevent SQL injection.


Re: When do I need to escape strings in mysql? - 101 - 30.06.2013

So wherever I have a command that requires something to enter, that connects to the database (reads/or will insert into it)? Although, if I make a /setlevel cmd, do I need to escape the string if I make it a condition that it must be a number from 0 to 5 (isnumeric) and not any other character?


Re: When do I need to escape strings in mysql? - Scenario - 30.06.2013

Any time a user can enter their own text where that text is then stored in the database. Passwords should be hashed and salted- so escaping them isn't needed. You don't need to escape usernames either, since SA:MP limits specific characters from being used in a username (AFAIK- you might want to double check this).

So, if you are logging anything a player says on the server using OnPlayerText(), you need to be escaping the "text" string before inserting it into the database.

Search before posting next time.
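
The rule from the replies above, as an added example that is not part of the thread and is not SA-MP or plugin code: player-typed text is escaped before it goes into a string literal, while a range-checked number is formatted as an integer and needs no escaping. It is written in Python as a model; `escape_mysql`, `read_literal`, the `chatlog` and `players` tables and the sample chat line are assumptions made for illustration, and in a script the MySQL plugin's own escape function does this job.

```python
# Added example. Simplified model of the characters mysql_real_escape_string()
# escapes; assumes the server's NO_BACKSLASH_ESCAPES mode is off.
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
           "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
UNESCAPES = {"0": "\0", "n": "\n", "r": "\r", "Z": "\x1a"}

def escape_mysql(text):
    return "".join(ESCAPES.get(ch, ch) for ch in text)

def read_literal(sql):
    """Read the first single-quoted literal the way the server would.
    Returns (decoded value, SQL left over after the closing quote).
    Only decodes the sequences escape_mysql() emits, plus ''."""
    i = sql.index("'") + 1
    out = []
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and i + 1 < len(sql):
            out.append(UNESCAPES.get(sql[i + 1], sql[i + 1]))
            i += 2
        elif ch == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")          # '' inside a literal is one quote
            i += 2
        elif ch == "'":
            return "".join(out), sql[i + 1:]
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")

def chat_insert(text, escape=True):
    # text stands for the string OnPlayerText() receives (hypothetical table).
    value = escape_mysql(text) if escape else text
    return "INSERT INTO chatlog (msg) VALUES ('%s')" % value

def setlevel_update(player_id, arg):
    # Numeric argument: check digits and range, then format as an integer.
    # No player-controlled string reaches the query, so nothing to escape.
    if not (arg.isascii() and arg.isdigit() and 0 <= int(arg) <= 5):
        return None
    return "UPDATE players SET level = %d WHERE id = %d" % (int(arg), player_id)

if __name__ == "__main__":
    msg = "it's lagging \\ again"    # constructed chat line
    for esc in (False, True):
        stored, rest = read_literal(chat_insert(msg, esc))
        print("escaped" if esc else "raw", repr(stored), repr(rest))
    print(setlevel_update(7, "3"), setlevel_update(7, "9"))
```

Without escaping, the literal ends at the apostrophe and the rest of the chat line is parsed as SQL; with escaping, the stored value equals what the player typed.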


Re: When do I need to escape strings in mysql? - 101 - 30.06.2013

Quote:
Originally Posted by RealCop228
Any time a user can enter their own text where that text is then stored in the database. Passwords should be hashed and salted- so escaping them isn't needed. You don't need to escape usernames either, since SA:MP limits specific characters from being used in a username (AFAIK- you might want to double check this).

So, if you are logging anything a player says on the server using OnPlayerText(), you need to be escaping the "text" string before inserting it into the database.

Search before posting next time.
You people gotta stop saying search before posting every time. I did, the exact answer wasn't there. Besides, someone should do a PDO plugin for samp


Re: When do I need to escape strings in mysql? - Scenario - 30.06.2013

Quote:
Originally Posted by 101
You people gotta stop saying search before posting every time. I did, the exact answer wasn't there.
Actually, no we don't. The problem is that people like yourself who don't search properly, or don't spend the time to read through search results- thus leading to more spam topics on the same subject over and over and over again.

It's really annoying! You have been registered here for two years, but you can't even do such a simple task. It's just utter laziness on your part.


Re: When do I need to escape strings in mysql? - 101 - 30.06.2013

Quote:
Originally Posted by RealCop228
Actually, no we don't. The problem is that people like yourself who don't search properly, or don't spend the time to read through search results- thus leading to more spam topics on the same subject over and over and over again.

It's really annoying! You have been registered here for two years, but you can't even do such a simple task. It's just utter laziness on your part.
Be my guest, search for it and tell me how long it took.

Finally, you chose to view my thread, you chose to reply. No one made you.


Re: When do I need to escape strings in mysql? - Scenario - 30.06.2013

When searching you won't always get an exact answer. However, with a little reading, you can find answers that are virtually the same thing. Quit being so lazy- spend more than a minute to search for something if you have to.

http://stackoverflow.com/questions/1...scape-a-string


Re: When do I need to escape strings in mysql? - 101 - 30.06.2013

I was only searching on the forum, not ******-wide. I wasn't sure if the same rules matter.