SA-MP Forums Archive
Is it safe to include an un-escaped query into SQLite's query? - Printable Version




Is it safe to include an un-escaped query into SQLite's query? - Meller - 09.10.2017

I'm not great with SQLite, but as far as I'm aware, in MySQL you can escape any string you're using in a query in order to prevent SQL injections from things such as names, inputs, etc. This can be done using mysql_escape_string and mysql_format (from BlueG's plugin and its MySQL library, as well as (handle)->real_escape_string() in PHP5). So my question is, how can I safely escape a string to be used with SQLite without taking parts of another plugin such as BlueG's?

I've not found any function like this by browsing the a_sampdb.inc.


Re: Is it safe to include an un-escaped query into SQLite's query? - Konstantinos - 09.10.2017

%q specifier in format function.
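
The `%q` answer above, as an added example that is not part of the original thread: a lookup built with SA-MP's `format` and the a_sampdb.inc natives, with the `%s` form shown only as a comment for contrast. The file name `accounts.db`, the `accounts` table, its columns and the `AccountExists` helper are assumptions made for this example.

```pawn
#include <a_samp>
#include <a_sampdb>

// Hypothetical handle; "accounts.db" and the table layout are assumptions.
new DB:gAccounts;

public OnGameModeInit()
{
    gAccounts = db_open("accounts.db");
    new DBResult:r = db_query(gAccounts,
        "CREATE TABLE IF NOT EXISTS accounts (name TEXT PRIMARY KEY, score INTEGER)");
    if (r != DBResult:0) db_free_result(r);
    return 1;
}

public OnGameModeExit()
{
    db_close(gAccounts);
    return 1;
}

// Returns true when a row with this name exists. 'name' is untrusted text
// (player name, dialog input, command parameter).
stock bool:AccountExists(const name[])
{
    // Escaping doubles each ' so the value can grow to twice its length;
    // the buffer is sized so a 24-character name still fits when doubled.
    new query[128], DBResult:result, bool:found;

    // Unescaped form: %s copies the text as-is, so a ' in the input
    // closes the string literal and the rest is parsed as SQL.
    // format(query, sizeof query, "SELECT score FROM accounts WHERE name = '%s'", name);

    // %q doubles every ' in the argument. It does not add the surrounding
    // quotes, so the placeholder must still sit inside '...'.
    format(query, sizeof query,
        "SELECT score FROM accounts WHERE name = '%q' LIMIT 1", name);

    result = db_query(gAccounts, query);
    if (result != DBResult:0)
    {
        found = (db_num_rows(result) > 0);
        db_free_result(result);
    }
    return found;
}
```

`%q` only protects values placed inside a single-quoted literal; numeric values should be formatted with `%d` from an integer rather than from raw text.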


Re: Is it safe to include an un-escaped query into SQLite's query? - Meller - 09.10.2017

Quote:
Originally Posted by Konstantinos
%q specifier in format function.

Oh well, as simple as it gets! ;3

Thanks, appreciate it.