Escape
#1

If I do a MySQL escape and write the result into another variable, does the escape still exist or not?

Code:
new escapestring[ 50 ];

mysql_real_escape_string(escapestring,escapestring);

new otherstring[ 50 ];

format(otherstring,49,"%s", escapestring);
Reply
#2

Yes, it does.
Reply
#3

You mean I don't need to do another escape like:

Code:
format(otherstring,49,"%s", escapestring);

and

mysql_real_escape_string(otherstring,otherstring);
Reply
#4

You should basically only escape inputs.

You're better off leaving that function aside. And when you are going to execute a query that has custom inputs in it, use the %q specifier (escapes the string placed in the parameter), instead of the %s specifier.

The %q specifier is built into the native format.
Reply
#5

But I heard I have to escape everything I write into database UPDATE, SELECT, DELETE queries where any column is text and a player can write to it.
Reply
#6

Use mysql_format and use %e to escape.
Reply
#7

Quote:
Originally Posted by ScIrUsna
But I heard I have to escape everything I write into database UPDATE, SELECT, DELETE queries where any column is text and a player can write to it.
You only have to escape strings that players have inputted/specified.
Reply
#8

Yes, but I don't understand regarding my first question: when I write escaped text into another variable, do I need to re-escape it again?
Reply
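
Added example, not part of any post in this thread and not the plugin's code: a Python model of the escaping rules behind mysql_real_escape_string, showing that copying an escaped string keeps the escaping and that escaping the copy a second time changes what the database ends up storing. The function names and the sample input are constructed for illustration.

```python
# Model of the escaping rules applied by MySQL's mysql_real_escape_string
# (constructed for illustration; not the plugin's implementation).
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
           "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
# How the server reads backslash sequences inside a quoted string literal.
UNESCAPES = {"0": "\0", "n": "\n", "r": "\r", "Z": "\x1a", "b": "\b",
             "t": "\t", "%": "\\%", "_": "\\_"}


def escape(text):
    """Escape text once for use inside a quoted SQL string literal."""
    return "".join(ESCAPES.get(ch, ch) for ch in text)


def stored_value(literal_body):
    """Return what the server stores after parsing the body of a '...' literal."""
    out, i = [], 0
    while i < len(literal_body):
        ch = literal_body[i]
        if ch == "\\" and i + 1 < len(literal_body):
            nxt = literal_body[i + 1]
            out.append(UNESCAPES.get(nxt, nxt))  # e.g. \' becomes ', \\ becomes \
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def demo(player_input):
    """Escape once, copy the result, then escape the copy again."""
    once = escape(player_input)   # the single escape of the raw input
    copied = "%s" % once          # stands in for format(other, 49, "%s", escaped)
    twice = escape(copied)        # the second escape asked about in the thread
    return once, copied, twice


if __name__ == "__main__":
    once, copied, twice = demo("O'Brien")  # constructed sample input
    print("escaped once :", once, "-> stored:", stored_value(once))
    print("after copy   :", copied, "-> stored:", stored_value(copied))
    print("escaped twice:", twice, "-> stored:", stored_value(twice))
```

The copy is byte-for-byte the escaped string, so it is already safe to place in the query; the second escape stores a stray backslash alongside the player's text.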