SA-MP Forums Archive
Space in Inputtext - Printable Version



Space in Inputtext - Ph0eniX - 23.03.2014

Hi all, I have a problem with "hackers" who keep deleting my accounts by using drop table. All I want to know is how to check whether inputtext has a space or not. Can anyone help me, please?


Re: Space in Inputtext - MP2 - 23.03.2014

It's called mySQL injection. You need to use mysql_real_escape_string on inputtext.


Re: Space in Inputtext - Ph0eniX - 23.03.2014

I use SQLite, and he/she uses one command to enter this string. The command is /movestats, and this command has access to my database. If anyone types a string like "drop...." or "update" or something like this, it will be executed in the database. That is why I want to check whether anyone uses a space, so they can't use it, or whether inputtext contains something like "'; UPDATE users....." or "\inj "Jay'; DROP...."


Re: Space in Inputtext - newbienoob - 23.03.2014

pawn Code:
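// Returns a copy of text with every single quote doubled, so the value can be
// placed inside a '...' SQL string literal. The result holds at most
// sizeof (ret) - 1 characters; longer input is silently truncated.
stock DB_Escape(text[])
{
    new
        ret[80 * 2],
        ch,
        i,
        j;
    while ((ch = text[i++]) && j < sizeof (ret))
    {
        if (ch == '\'')
        {
            // Write the quote twice, but only if both cells fit; otherwise drop it.
            if (j < sizeof (ret) - 2)
            {
                ret[j++] = '\'';
                ret[j++] = '\'';
            }
        }
        else if (j < sizeof (ret))
        {
            ret[j++] = ch;
        }
        else
        {
            j++;
        }
    }
    // Always terminate, even when the buffer was filled completely.
    ret[sizeof (ret) - 1] = '\0';
    return ret;
}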
more @ https://sampforum.blast.hk/showthread.php?tid=449536


Re: Space in Inputtext - MP2 - 23.03.2014

You don't need to check for spaces. You need to escape the string. It appears the SQLite package doesn't have this function, though.

You'll need to define it yourself: https://sampwiki.blast.hk/wiki/Escaping_Strings_SQLite

EDIT: newbienoob beat me to it. Fucking post limit ;_;


Re: Space in Inputtext - Ph0eniX - 23.03.2014

Ty, but I already use db_escape, but for inputtext idk how / where to add this... because I use db_escape only here

BUD::GetNameUID(DB_Escape(inputtext));
BUD::GetNameUID(DB_Escape(PlayerName(playerid)));

and... here

if(BUD::IsNameRegistered(inputtext) == false) return
SendClientMessage(playerid, red, "ERROR: The nickname that you Specified doesn't have an Account!");


EDIT: Solved, ty for the help, +rep. I made

if(BUD::IsNameRegistered(DB_Escape(inputtext)) == false) return
SendClientMessage(playerid, red, "ERROR: The nickname that you Specified doesn't have an Account!");
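
Added example, not part of the original thread: a Python sqlite3 sketch of the point made in the replies above, that a space check neither stops a quote-bearing name nor spares a legitimate one, while quote doubling (a port of the DB_Escape posted above) or a bound parameter keeps the input as data. The table, the sample names and the helper names are constructed for illustration, and Python's sqlite3 module stands in for the server's SQLite calls.

```python
import sqlite3

def db_escape(text, cap=80 * 2):
    """Python port of the thread's DB_Escape: double each ' and cap the output."""
    out = []
    for ch in text:
        if len(out) >= cap:
            break
        if ch == "'":
            if len(out) < cap - 2:      # room for both quotes, otherwise drop it
                out += ["'", "'"]
        else:
            out.append(ch)
    return "".join(out)[:cap - 1]       # the last cell holds the terminator in Pawn

def make_db():
    # Constructed sample table and rows, not taken from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, score INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("Jay", 10), ("O'Brien", 20), ("Big Joe", 30)])
    return db

def lookup_concat(db, name):
    # "Before": the input is pasted into the SQL text unchanged.
    sql = "SELECT score FROM users WHERE name = '" + name + "'"
    try:
        return db.execute(sql).fetchall()
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return "error: " + type(exc).__name__

def lookup_escaped(db, name):
    sql = "SELECT score FROM users WHERE name = '" + db_escape(name) + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    # Bound parameter: the value never becomes part of the SQL text.
    return db.execute("SELECT score FROM users WHERE name = ?", (name,)).fetchall()

def space_filter_rejects(name):
    # The check asked about in the first post.
    return " " in name

if __name__ == "__main__":
    db = make_db()
    print("concat, O'Brien:", lookup_concat(db, "O'Brien"))
    for name in ["O'Brien", "Big Joe", "Jay'; DROP TABLE users"]:
        print(repr(name), space_filter_rejects(name),
              lookup_escaped(db, name), lookup_bound(db, name))
```

Where the database API offers bound parameters, prefer them over escaping; the port also shows that DB_Escape silently truncates long input, so length should be validated before the lookup.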