Simple Question - Printable Version

Simple Question - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Simple Question (/showthread.php?tid=514736)

Simple Question - AiRaLoKa - 23.05.2014

Hi all...

i have a question here...
which is better to formatting my mysql query? format or mysql_format?

and what is the different?

Re: Simple Question - nmader - 23.05.2014

I typically see it (and it's how I use it) as format. It's simply the way I learned so I know it works. I'm sure it's relatively the same and does the same thing, just possibly different syntax's.

Re: Simple Question - Trynda - 23.05.2014

QUESTION: Why MySQL is better than the deafult one? And for me MYSQL is very hard to script -_-

Re: Simple Question - nmader - 23.05.2014

Quote:

Originally Posted by Trynda

QUESTION: Why MySQL is better than the deafult one? And for me MYSQL is very hard to script -_-

I do not believe that the MYSQL_format is any better than regular formatting, it's just less lines of code. Just do a traditional format

pawn Код:

new string[128];
format(string, sizeof(string), "pCash = %d", pInfo[playerid][pCash]);
mysql_query(string) //this line isn't exact, it's just to get the point across

Re: Simple Question - AiRaLoKa - 23.05.2014

Quote:

Originally Posted by nmader

I do not believe that the MYSQL_format is any better than regular formatting, it's just less lines of code. Just do a traditional format

pawn Код:

new string[128];
format(string, sizeof(string), "pCash = %d", pInfo[playerid][pCash]);
mysql_query(string) //this line isn't exact, it's just to get the point across

thats why i made this thread, i don't believe that mysql_format has any better function. and i know that mysql_format has longer syntax than the traditional format.
is there any other different?

btw, your code is wrong(for me. becouse i use mysql_r38 :P).

Re: Simple Question - Konstantinos - 23.05.2014

https://sampwiki.blast.hk/wiki/MySQL/R33#mysql_format and https://sampwiki.blast.hk/wiki/MySQL/R33..._escape_string (read the important note, it says about mysql_format).

Re: Simple Question - AiRaLoKa - 23.05.2014

Quote:

Originally Posted by Konstantinos

https://sampwiki.blast.hk/wiki/MySQL/R33#mysql_format and https://sampwiki.blast.hk/wiki/MySQL/R33..._escape_string (read the important note, it says about mysql_format).

i found this

Quote:

Description:
Allows you to format a string which you can safely use in a query.

and this

pawn Код:

new query[128];
mysql_format(MySQL, query, sizeof(query), "SELECT * FROM `%s` WHERE `bar` = '%e' AND `foobar` = '%f' LIMIT %d", "foobar", "escape'me\"please", 1.2345, 1337);
// the variable 'query' contains now the formatted query (including the escaped string)
mysql_tquery(MySQL, query, "OnStuffSelected", "");

on the mysql_escape_string

Quote:

Always use this function (if you don't use mysql_format() with the '%e' specifier) before inserting user inputs in a query. You can be victim of a SQL injection if you do not do so.

it's mean that mysql_format is much safer than traditional format?
is that true?

Re: Simple Question - Konstantinos - 23.05.2014

It escapes the special characters and it prevents you from being victim of SQL injection so yes - it's safer to use it.

Re: Simple Question - AiRaLoKa - 23.05.2014

Quote:

Originally Posted by Konstantinos

It escapes the special characters and it prevents you from being victim of SQL injection so yes - it's safer to use it.

nice...
i should use it from now...
thank's Konstantinos