SQL unescape string
#1

Hello, I am using SQL in my server
and I escape strings to prevent SQL injections.

I had to display the escaped table, is there a way to hide the "\" symbol?

ex.

mysql_real_escape_string(string, string);

show_unescaped(string);

I tried with strdel but the \ symbol gives me errors!!
Help =)
Reply
#2

If that symbol appears in your actual table then you did something wrong. Escaping is done only on special characters to prevent syntactical errors.
Reply
#3

Quote:
Originally Posted by Vince
If that symbol appears in your actual table then you did something wrong. Escaping is done only on special characters to prevent syntactical errors.
Nope,

mysql_real_escape_string puts a \ before ', "escaping it". In this way, the query won't recognize it as the end of the argument.

Example:

string = "Hit 'Em Up"

mysql_real_escape_string(string, result);

result = "Hit \'Em Up"

I think he needs to display "result" as a string, but if he's reading it from the query he'll have only "result". This means he has to remove the "\" character.

You can easily do a command like:

Code:
mysql_real_unescape_string(string[], result[]) {
   if(strcmp("\",result)) {
     // ... removes \ from the string.
   }
}
I'm not sure "\" character can be read from strcmp.
Reply
#4

Thx guys, now I've understood!!
Reply
#5

Quote:
Originally Posted by icra
Nope,

mysql_real_escape_string puts a \ before ', "escaping it". In this way, the query won't recognize it as the end of the argument.

Example:

string = "Hit 'Em Up"

mysql_real_escape_string(string, result);

result = "Hit \'Em Up"

I think he needs to display "result" as a string, but if he's reading it from the query he'll have only "result". This means he has to remove the "\" character.

You can easily do a command like:

Code:
mysql_real_unescape_string(string[], result[]) {
   if(strcmp("\",result)) {
     // ... removes \ from the string.
   }
}
I'm not sure "\" character can be read from strcmp.
You need to use:

Code:
mysql_real_unescape_string(string[], result[]) {
   if(strcmp("\\",result)) {
     // ... replace "\\" with "\\\\"
   }
}
Reply
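
Added example, not code from any poster in this thread: a C model of the escape-then-parse round trip discussed above, showing that a value escaped once is stored without backslashes, while a value escaped twice keeps one in the table. `escape_model`, `literal_decode` and `stored_after` are hypothetical helpers that cover only `\`, `'`, `"`, newline and carriage return; they are not the plugin's or MySQL's own functions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the escaping step; covers only \ ' " LF and CR. */
static void escape_model(const char *src, char *dst, size_t cap)
{
    size_t j = 0;
    for (; *src && j + 2 < cap; src++) {   /* room for 2 chars + NUL */
        char c = *src;
        char e = (c == '\n') ? 'n' : (c == '\r') ? 'r' : c;
        if (e != c || c == '\\' || c == '\'' || c == '"')
            dst[j++] = '\\';               /* prefix the special character */
        dst[j++] = e;
    }
    dst[j] = '\0';
}

/* Hypothetical model of the server reading a quoted string literal:
   each backslash is consumed and only the following character is kept. */
static void literal_decode(const char *src, char *dst, size_t cap)
{
    size_t j = 0;
    for (; *src && j + 1 < cap; src++) {
        char c = *src;
        if (c == '\\' && src[1] != '\0') {
            c = *++src;
            c = (c == 'n') ? '\n' : (c == 'r') ? '\r' : c;
        }
        dst[j++] = c;
    }
    dst[j] = '\0';
}

/* Value that ends up in the table after `rounds` escaping passes. */
static const char *stored_after(const char *input, int rounds)
{
    static char a[256], b[256];
    snprintf(a, sizeof a, "%s", input);
    while (rounds-- > 0) { escape_model(a, b, sizeof b); strcpy(a, b); }
    literal_decode(a, b, sizeof b);        /* the query parser runs once */
    return b;
}

int main(void)
{
    const char *name = "Hit 'Em Up";       /* sample value from the thread */
    printf("stored after 1 pass  : %s\n", stored_after(name, 1));
    printf("stored after 2 passes: %s\n", stored_after(name, 2));
    return 0;
}
```

If backslashes show up in stored rows, check for a second escaping pass on the write path before stripping them on the read path.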

