SA-MP Forums Archive
mysql_real_escape_string - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: mysql_real_escape_string (/showthread.php?tid=643652)


mysql_real_escape_string - RedGun2015 - 24.10.2017

Hello, I work to a commnad that applied only for offline users, i have something like this:
Код:
CMD:auninviteoff(playerid, params[])
{
    if(gPlayerLogged[playerid] == 0) return SendClientMessage(playerid, COLOR_LIGHTRED, "You need to log in first.");
	if(PlayerInfo[playerid][pAdmin] >= 4)
	{
		new id, fp, reason, string[MAX_STRING];
		if(sscanf(params, "s[30]is[64]", id, fp, reason)) return SCM(playerid, -1, "Usage: /auninviteoff [name] [fp] [reason]");
		mysql_real_escape_string(id, escape);
		mysql_format(SQL, string, sizeof string, "SELECT * FROM `users` WHERE `name` = '%s'", escape);
		mysql_tquery(SQL, string, "doUninviteAdminOff", "dsds", playerid, id, fp, reason);
	}
	return 1;
}
But i don't know if i need to use mysql_real_escape_string(id, escape); if i already call the function using mysql_tquery. Or to use in the function
Код:
function doUninviteAdminOff(playerid, id, fp, reason[]) { mysql_real_escape_string(id, escape); }
Basically, the commnad i used to change didn't call any function it was just a command and now I want to call a function to be more quickly when I use this function from somewhere else.

If someone can help, please post here.

Re: mysql_real_escape_string - Abagail - 24.10.2017

mysql_format doesn't automatically escape strings, so don't assume it does. However mysql_format does offer an 'e' specifier for strings that handles escaping in-line.

So instead of "WHERE name = '%s'", you can use "WHERE name = '%e'", no need for mysql_real_escape_string if you use this. Note that this doesn't work with the regular format function within SA-MP (not that you should be using it for SQL queries anyway).

Re: mysql_real_escape_string - RedGun2015 - 25.10.2017

Quote:
Originally Posted by Abagail
Посмотреть сообщение
mysql_format doesn't automatically escape strings, so don't assume it does. However mysql_format does offer an 'e' specifier for strings that handles escaping in-line.

So instead of "WHERE name = '%s'", you can use "WHERE name = '%e'", no need for mysql_real_escape_string if you use this. Note that this doesn't work with the regular format function within SA-MP (not that you should be using it for SQL queries anyway).
Thanks for answer!

Re: mysql_real_escape_string - CodeStyle175 - 25.10.2017

pls stop using this check in every command waste of time
if(gPlayerLogged[playerid] == 0) return SendClientMessage(playerid, COLOR_LIGHTRED, "You need to log in first.");
and also every query doesnt need to threaded
PHP код:
new Cache:cq=mysql_query(SQL,s);
///
cache_delete(cq); 
PHP код:
public OnPlayerCommandReceived(playerid,cmdtext[]){
    if(!gPlayerLogged[playerid]){
        SendClientMessage(playeridCOLOR_LIGHTRED"You need to log in first.");
        return 0;
    }
    return 1;