SQL injection - Stupid idea
SQL injection - Stupid idea -
PeterJane - 12.06.2015
Hi guys I need your opinion.
It will probably be the most stupid question you ever read in your life, but still I'm going to ask!
I'm thinking about a system where the player in-game cracks an ATM. I've thought about several things including math equations, which signal/number comes next, etc. But would it be possible to allow a user to do an SQL injection into a separate database used only for a special occasion? I mean, it would be hard for the majority of players.
I know some of you will say that I've no experience whatsoever about databases, and that's true, but this is part of my learning and curiosity.
Re: SQL injection - Stupid idea -
JaydenJason - 12.06.2015
Nononono, I like the idea, but you shouldn't allow actual injections. However, you could use strfind to find if the player has inserted something like "100', accountCash = '99999'" or w/e.
Re: SQL injection - Stupid idea -
[DOG]irinel1996 - 12.06.2015
I'm not sure how the MySQL plugin for SA-MP works right now, because I haven't used it for a long time, but there must be something like mysqli_real_escape_string, which should prevent SQL injection.
Probably this isn't 100% secure, but it's enough.
I didn't understand your question at all. Are you going to allow users to crack an ATM in-game (in an RP gamemode, probably) using real SQL code? In my opinion, that's not a good idea, because I think there isn't any way to say "disable SQL injection there and not there".
Use PAWN for in-game systems.
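Added example, not written by any poster in this thread: one way to combine the two suggestions above, where the typed text is only pattern-matched as a puzzle answer (the role strfind plays in Pawn) and every real database write binds its values as parameters. It uses Python with sqlite3 as a stand-in for the gamemode's Pawn code and MySQL plugin, and the table, function and reward names are hypothetical.

```python
import sqlite3

# Puzzle answer pattern, built from the string quoted in the thread (constructed).
PUZZLE_MARKER = "', accountcash = '"


def looks_like_injection(typed: str) -> bool:
    """Game logic only: a substring test, never SQL execution."""
    return PUZZLE_MARKER in typed.lower()


def open_bank() -> sqlite3.Connection:
    """In-memory stand-in for the server database, with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, accountCash INTEGER)")
    db.execute("CREATE TABLE attempts (player TEXT, typed TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("player", 100), ("other", 500)])
    return db


def crack_atm(db: sqlite3.Connection, player: str, typed: str, reward: int = 250) -> bool:
    """Return True if the puzzle was solved; the typed text is never part of a query string."""
    # The attempt is stored as data: the bound parameter keeps quotes inert.
    db.execute("INSERT INTO attempts (player, typed) VALUES (?, ?)", (player, typed))
    solved = looks_like_injection(typed)
    if solved:
        # The reward amount is chosen by the game, not parsed from the input.
        db.execute("UPDATE accounts SET accountCash = accountCash + ? WHERE name = ?",
                   (reward, player))
    db.commit()
    return solved


def balance(db: sqlite3.Connection, name: str) -> int:
    row = db.execute("SELECT accountCash FROM accounts WHERE name = ?", (name,)).fetchone()
    return row[0]


if __name__ == "__main__":
    bank = open_bank()
    print(crack_atm(bank, "player", "100', accountCash = '99999'"))
    print(balance(bank, "player"), balance(bank, "other"))
```

The player gets the fixed reward for typing the pattern, while the value 99999 in the input has no effect on any row.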