[NeXoR]

Hey guys, I want to withdraw all accounts which contains the following entered name, I tried using '%%%e%%' and it didn't go well.
I used a regular format and inserted it into mysql format, here is my code

PHP код:

    format(string, sizeof(string), "%%%s%%", name);
    mysql_format(mysql, query, sizeof(query), "SELECT `Username`, `Registration`, `IP`, `Score` FROM `Users` WHERE `Username` LIKE '%e' LIMIT %d", name, amount);
    print(query); 


How can I solve this ?

Here is the query for the `name` - "erer":

Код:

SELECT `Username`, `Registration`, `IP`, `Score` FROM `Users` WHERE `Username` LIKE 'erer' LIMIT 2

[jlalt]

try doing dat sir:

PHP код:

mysql_escape_string(name, string); 


then

PHP код:

mysql_format(mysql, query, sizeof(query), "SELECT `Username`, `Registration`, `IP`, `Score` FROM `Users` WHERE `Username` LIKE '%%%s%%' LIMIT %d", string, amount); 
print(query); 


however in your code you was formating string and using name instead of string .-.

Код:

format(string, sizeof(string), "%%%s%%", name); 
    mysql_format(mysql, query, sizeof(query), "SELECT `Username`, `Registration`, `IP`, `Score` FROM `Users` WHERE `Username` LIKE '%e' LIMIT %d", name, amount); 
    print(query);

its supposed to be:

PHP код:

format(string, sizeof(string), "%%%s%%", name); 
    mysql_format(mysql, query, sizeof(query), "SELECT `Username`, `Registration`, `IP`, `Score` FROM `Users` WHERE `Username` LIKE '%e' LIMIT %d", string, amount); 
    print(query); 


[NeXoR]

Quote:

Originally Posted by jlalt try doing dat sir: PHP код: mysql_escape_string(name, string);  then PHP код: mysql_format(mysql, query, sizeof(query), "SELECT `Username`, `Registration`, `IP`, `Score` FROM `Users` WHERE `Username` LIKE '%%%s%%' LIMIT %d", string, amount);  print(query);  however in your code you was formating string and using name instead of string .-. Код: format(string, sizeof(string), "%%%s%%", name); mysql_format(mysql, query, sizeof(query), "SELECT `Username`, `Registration`, `IP`, `Score` FROM `Users` WHERE `Username` LIKE '%e' LIMIT %d", name, amount); print(query); its supposed to be: PHP код: format(string, sizeof(string), "%%%s%%", name);      mysql_format(mysql, query, sizeof(query), "SELECT `Username`, `Registration`, `IP`, `Score` FROM `Users` WHERE `Username` LIKE '%e' LIMIT %d", string, amount);      print(query);

Works smoothly mate, thank you
BTW, Escaping a string actually makes it longer or shorter ?
P.S Can't rep sorry

[Konstantinos]

Longer, 2 * <string to escape> + 1 in the worst case (all characters to be escaped).

[NeXoR]

Quote:

Originally Posted by Konstantinos Longer, 2 * <string to escape> + 1 in the worst case (all characters to be escaped).

Thank you