SA-MP Forums Archive
escaping names - Printable Version




escaping names - MerryDeer - 19.11.2016

Hi,

Do I need to escape the name when a player connects? Or does SA-MP automatically not allow symbols that could make an SQL injection?


Re: escaping names - BiosMarcel - 19.11.2016

Just try it out ...


Re: escaping names - TwinkiDaBoss - 19.11.2016

Quote:

%e

escapes the string if you are using threaded queries

SA:MP doesn't escape strings anywhere since it's not built specially for SQL. Same as most programming/scripting languages.

There are many types of SQL injections, therefore forbidding characters straight on by SA:MP would be somewhat impossible.


Example:
Quote:

SELECT fieldlist FROM table WHERE field = 'x' AND email IS NULL; --

tldr mysql_real_escape_string, '%e' and even more. Escape the string manually and there you go.


Also, as far as I know most of the special characters that you would use to do an injection attack are impossible to be added as a default name in SA:MP but there are advanced SQL injection attacks that can easily slip between those. Always escape your queries.
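
Added example, not part of the original thread: escaping the player name with the `%e` specifier of `mysql_format` before running a threaded query on connect. It assumes the R41-style MySQL plugin (`MySQL:` handle tag); the handle `g_SQL`, the `players` table with `id` and `name` columns, and the callback `OnAccountLookup` are hypothetical names.

```pawn
#include <a_samp>
#include <a_mysql>

// Assumed: opened elsewhere (e.g. in OnGameModeInit) with mysql_connect().
new MySQL:g_SQL;

public OnPlayerConnect(playerid)
{
    // Escaping can up to double the length of the name, so the query
    // buffer leaves room for 2 * MAX_PLAYER_NAME plus the statement text.
    new name[MAX_PLAYER_NAME + 1], query[128];
    GetPlayerName(playerid, name, sizeof(name));

    // Unsafe form, shown for contrast only: %s copies the name verbatim,
    // so a quote character in it would end the string literal early.
    //   mysql_format(g_SQL, query, sizeof(query),
    //       "SELECT `id` FROM `players` WHERE `name` = '%s' LIMIT 1", name);

    // %e escapes the value for this connection before inserting it.
    mysql_format(g_SQL, query, sizeof(query),
        "SELECT `id` FROM `players` WHERE `name` = '%e' LIMIT 1", name);

    // Threaded query; playerid is passed through to the callback.
    mysql_tquery(g_SQL, query, "OnAccountLookup", "d", playerid);
    return 1;
}

forward OnAccountLookup(playerid);
public OnAccountLookup(playerid)
{
    // The result cache is only valid inside this callback.
    if (cache_num_rows() > 0)
    {
        SendClientMessage(playerid, -1, "Account found, please log in.");
    }
    else
    {
        SendClientMessage(playerid, -1, "No account with this name, please register.");
    }
    return 1;
}
```

The same `%e` treatment applies to every other string that reaches a query, such as passwords, chat input and command parameters, not only the name.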