Escape - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Escape (/showthread.php?tid=606559)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Escape (/showthread.php?tid=606559)
Escape - ScIrUsna - 06.05.2016
If i do mysql escape and i write it in other variable escape exit's or no?
Код:
new escapestring[ 50 ]; mysql_real_escape_string(escapestring,escapestring); new otherstring[ 50 ]; format(otherstring,49,"%s", escapestring);
Re: Escape - KevinReinke - 06.05.2016
Yes, it does.
Re: Escape - ScIrUsna - 06.05.2016
You mean i don't need to do another escape like:
Код:
format(otherstring,49,"%s", escapestring); and mysql_real_escape_string(otherstring,otherstring);
Re: Escape - KevinReinke - 06.05.2016
You should basically only escape inputs.
You're better off leaving that function aside. And when you are going to execute a query that has custom inputs in it, use the %q specifier (escapes the string placed in the parameter), instead of the %s specifier.
The %q specifier is built into the native format.
Re: Escape - ScIrUsna - 06.05.2016
But i heard i have to escape everything i write into database update,select,delect queries any collum is text and player can write
Re: Escape - itsCody - 06.05.2016
use mysql_format and use %e to escape.
Re: Escape - KevinReinke - 06.05.2016
Quote:
|
Originally Posted by ScIrUsna
 But i heard i have to escape everything i write into database update,select,delect queries any collum is text and player can write
|
Re: Escape - ScIrUsna - 06.05.2016
Yes, but i don't understand with first question, when i write escaped text in other variable i need reescape again?