SA-MP Forums Archive
SQL unescape string - Printable Version




SQL unescape string - playadeseville - 16.05.2015

Hello, I am using SQL in my server
and I escape strings to prevent SQL injections.

I had to display the escaped table, is there a way to hide the "\" symbol?

ex.

mysql_real_escape_string(string, string);

show_unescaped(string);

I tried with strdel but the \ symbol gives me errors!!
Help =)


Re: SQL unescape string - Vince - 16.05.2015

If that symbol appears in your actual table then you did something wrong. Escaping is done only on special characters to prevent syntactical errors.
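
Added example (Python, not code from this thread or from the SA-MP MySQL plugin): a small model of the characters mysql_real_escape_string escapes and of how MySQL's parser decodes a string literal, showing that the backslash exists only in the query text and that a backslash in the stored value points to double escaping. All function names are hypothetical, and the default sql_mode (backslash escapes enabled) is assumed.

```python
# Added illustration: models mysql_real_escape_string and MySQL literal decoding.
# All names here are hypothetical; default sql_mode (backslash escapes on) is assumed.
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
           "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
DECODES = {"0": "\0", "n": "\n", "r": "\r", "t": "\t", "b": "\b",
           "Z": "\x1a", "\\": "\\", "'": "'", '"': '"'}


def escape(value):
    """Escape the same characters mysql_real_escape_string escapes."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def server_reads_literal(literal):
    """Decode a single-quoted literal the way the SQL parser does."""
    if len(literal) < 2 or literal[0] != "'" or literal[-1] != "'":
        raise ValueError("not a single-quoted literal")
    body, out, i = literal[1:-1], [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\":
            if i + 1 == len(body):
                raise ValueError("backslash escapes the closing quote")
            nxt = body[i + 1]
            # \% and \_ keep their backslash; unknown escapes drop it.
            out.append("\\" + nxt if nxt in "%_" else DECODES.get(nxt, nxt))
            i += 2
        elif ch == "'":
            if body[i + 1:i + 2] != "'":
                raise ValueError("unescaped quote ends the literal early")
            out.append("'")  # '' is the standard doubled-quote form
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def stored_value(user_input, times_escaped=1):
    """What lands in the column after escaping N times and inserting."""
    text = user_input
    for _ in range(times_escaped):
        text = escape(text)
    return server_reads_literal("'" + text + "'")


if __name__ == "__main__":
    name = "Hit 'Em Up"           # constructed sample, taken from the thread's example
    print(escape(name))           # the query text carries the backslash
    print(stored_value(name))     # the column content does not
    print(stored_value(name, 2))  # escaping twice is what stores a backslash
```

If a SELECT returns a value with a backslash in front of the quote, the input was escaped more than once on the way in; escaping once at the query boundary removes the need to strip anything on the way out.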


Re: SQL unescape string - icra - 16.05.2015

Quote:
Originally Posted by Vince
If that symbol appears in your actual table then you did something wrong. Escaping is done only on special characters to prevent syntactical errors.
Nope,

mysql_real_escape_string puts a \ before ', "escaping it". In this way, the query won't recognize it as the end of the argument.

Example:

string = "Hit 'Em Up"

mysql_real_escape_string(string, result);

result = "Hit \'Em Up"

I think he needs to display "result" as a string, but if he's reading it from the query he'll have only "result". This means he has to remove the "\" character.

You can easily do a command like:

Code:
mysql_real_unescape_string(string[], result[]) {
   if(strcmp("\",result)) {
     // ... removes \ from the string.
   }
}
I'm not sure the "\" character can be read by strcmp.


Re: SQL unescape string - playadeseville - 16.05.2015

Thx guys, now I've understood!!


Re: SQL unescape string - rt-2 - 11.02.2017

Quote:
Originally Posted by icra
Nope,

mysql_real_escape_string puts a \ before ', "escaping it". In this way, the query won't recognize it as the end of the argument.

Example:

string = "Hit 'Em Up"

mysql_real_escape_string(string, result);

result = "Hit \'Em Up"

I think he needs to display "result" as a string, but if he's reading it from the query he'll have only "result". This means he has to remove the "\" character.

You can easily do a command like:

Code:
mysql_real_unescape_string(string[], result[]) {
   if(strcmp("\",result)) {
     // ... removes \ from the string.
   }
}
I'm not sure the "\" character can be read by strcmp.
You need to use:

Code:
mysql_real_unescape_string(string[], result[]) {
   if(strcmp("\\",result)) {
     // ... replace "\\" with "\\\\"
   }
}