Simple Question
#1

Hi all...

I have a question here...
Which is better for formatting my MySQL query: format or mysql_format?

And what is the difference?
Reply
#2

I typically see it (and it's how I use it) as format. It's simply the way I learned so I know it works. I'm sure it's relatively the same and does the same thing, just possibly different syntaxes.
Reply
#3

QUESTION: Why is MySQL better than the default one? And for me MySQL is very hard to script -_-
Reply
#4

Quote:
Originally Posted by Trynda
QUESTION: Why is MySQL better than the default one? And for me MySQL is very hard to script -_-
I do not believe that the MYSQL_format is any better than regular formatting, it's just fewer lines of code. Just do a traditional format:
pawn Code:
new string[128];
format(string, sizeof(string), "pCash = %d", pInfo[playerid][pCash]);
mysql_query(string); //this line isn't exact, it's just to get the point across
Reply
#5

Quote:
Originally Posted by nmader
I do not believe that the MYSQL_format is any better than regular formatting, it's just fewer lines of code. Just do a traditional format:
pawn Code:
new string[128];
format(string, sizeof(string), "pCash = %d", pInfo[playerid][pCash]);
mysql_query(string); //this line isn't exact, it's just to get the point across
That's why I made this thread. I don't believe that mysql_format has any better function, and I know that mysql_format has longer syntax than the traditional format.
Is there any other difference?

Btw, your code is wrong (for me, because I use mysql_r38 :P).
Reply
#6

https://sampwiki.blast.hk/wiki/MySQL/R33#mysql_format and https://sampwiki.blast.hk/wiki/MySQL/R33..._escape_string (read the important note, it says about mysql_format).
Reply
#7

Quote:
Originally Posted by Konstantinos
I found this:

Quote:

Description:
Allows you to format a string which you can safely use in a query.

and this

pawn Code:
new query[128];
mysql_format(MySQL, query, sizeof(query), "SELECT * FROM `%s` WHERE `bar` = '%e' AND `foobar` = '%f' LIMIT %d", "foobar", "escape'me\"please", 1.2345, 1337);
// the variable 'query' contains now the formatted query (including the escaped string)
mysql_tquery(MySQL, query, "OnStuffSelected", "");
On mysql_escape_string:

Quote:

Always use this function (if you don't use mysql_format() with the '%e' specifier) before inserting user inputs in a query. You can be victim of a SQL injection if you do not do so.

Does it mean that mysql_format is much safer than traditional format?
Is that true?
Reply
#8

It escapes the special characters and it prevents you from being victim of SQL injection so yes - it's safer to use it.
Reply
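
The difference discussed in this thread, shown on a value that really comes from a player (dialog input). This is an added example, not code from any poster or from the plugin's wiki; DIALOG_NOTE, the `players` table, gAccountId[] and OnNoteSaved are hypothetical, and MySQL is assumed to hold the handle returned by mysql_connect() as in the R33-style snippet quoted above.

```pawn
#include <a_samp>
#include <a_mysql>

#define DIALOG_NOTE 100          // hypothetical dialog id

new MySQL;                       // connection handle, set elsewhere by mysql_connect()
new gAccountId[MAX_PLAYERS];     // hypothetical: database row id of each player

forward OnNoteSaved(playerid);

public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])
{
    if (dialogid != DIALOG_NOTE || !response) return 0;

    // Escaping adds a backslash per special character, so the buffer is
    // sized well above the raw input length.
    new query[512];

    // Plain format() copies inputtext byte for byte. For the input  O'Brien
    // with account id 7 it would produce:
    //   UPDATE `players` SET `note` = 'O'Brien' WHERE `id` = 7
    // The quote in the input ends the string literal early, so the rest of
    // the input is parsed as SQL instead of data.
    // format(query, sizeof(query),
    //     "UPDATE `players` SET `note` = '%s' WHERE `id` = %d",
    //     inputtext, gAccountId[playerid]);

    // mysql_format() with %e escapes the input before inserting it:
    //   UPDATE `players` SET `note` = 'O\'Brien' WHERE `id` = 7
    // %e only protects a value placed inside quotes. %s is NOT escaped, so
    // never pass player input through %s (for example as a table name).
    mysql_format(MySQL, query, sizeof(query),
        "UPDATE `players` SET `note` = '%e' WHERE `id` = %d",
        inputtext, gAccountId[playerid]);

    mysql_tquery(MySQL, query, "OnNoteSaved", "d", playerid);
    return 1;
}

public OnNoteSaved(playerid)
{
    SendClientMessage(playerid, 0xFFFFFFFF, "Note saved.");
    return 1;
}
```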
#9

Quote:
Originally Posted by Konstantinos
It escapes the special characters and it prevents you from being victim of SQL injection so yes - it's safer to use it.
Nice...
I should use it from now on...
Thanks, Konstantinos
Reply

