1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help

Threaded Mode
mysql_real_escape_string
RedGun2015
Huge Clucker
****
Posts: 286
Threads: 55
Joined: Sep 2015
Reputation: 0
#1

24.10.2017, 15:54
Hello, I work to a commnad that applied only for offline users, i have something like this:
Код:
CMD:auninviteoff(playerid, params[])
{
    if(gPlayerLogged[playerid] == 0) return SendClientMessage(playerid, COLOR_LIGHTRED, "You need to log in first.");
	if(PlayerInfo[playerid][pAdmin] >= 4)
	{
		new id, fp, reason, string[MAX_STRING];
		if(sscanf(params, "s[30]is[64]", id, fp, reason)) return SCM(playerid, -1, "Usage: /auninviteoff [name] [fp] [reason]");
		mysql_real_escape_string(id, escape);
		mysql_format(SQL, string, sizeof string, "SELECT * FROM `users` WHERE `name` = '%s'", escape);
		mysql_tquery(SQL, string, "doUninviteAdminOff", "dsds", playerid, id, fp, reason);
	}
	return 1;
}
But i don't know if i need to use mysql_real_escape_string(id, escape); if i already call the function using mysql_tquery. Or to use in the function
Код:
function doUninviteAdminOff(playerid, id, fp, reason[]) { mysql_real_escape_string(id, escape); }
Basically, the commnad i used to change didn't call any function it was just a command and now I want to call a function to be more quickly when I use this function from somewhere else.

If someone can help, please post here.
Find
Reply
Abagail
High-roller
*****
Posts: 3,133
Threads: 71
Joined: Dec 2013
Reputation: 0
#2

24.10.2017, 15:56
mysql_format doesn't automatically escape strings, so don't assume it does. However mysql_format does offer an 'e' specifier for strings that handles escaping in-line.

So instead of "WHERE name = '%s'", you can use "WHERE name = '%e'", no need for mysql_real_escape_string if you use this. Note that this doesn't work with the regular format function within SA-MP (not that you should be using it for SQL queries anyway).
Find
Reply
RedGun2015
Huge Clucker
****
Posts: 286
Threads: 55
Joined: Sep 2015
Reputation: 0
#3

25.10.2017, 11:53
Quote:
Originally Posted by Abagail
Посмотреть сообщение
mysql_format doesn't automatically escape strings, so don't assume it does. However mysql_format does offer an 'e' specifier for strings that handles escaping in-line.

So instead of "WHERE name = '%s'", you can use "WHERE name = '%e'", no need for mysql_real_escape_string if you use this. Note that this doesn't work with the regular format function within SA-MP (not that you should be using it for SQL queries anyway).
Thanks for answer!
Find
Reply
CodeStyle175
Banned
Posts: 455
Threads: 29
Joined: Apr 2014
#4

25.10.2017, 14:35
pls stop using this check in every command waste of time
if(gPlayerLogged[playerid] == 0) return SendClientMessage(playerid, COLOR_LIGHTRED, "You need to log in first.");
and also every query doesnt need to threaded
PHP код:
new Cache:cq=mysql_query(SQL,s);
///
cache_delete(cq); 
PHP код:
public OnPlayerCommandReceived(playerid,cmdtext[]){
    if(!gPlayerLogged[playerid]){
        SendClientMessage(playeridCOLOR_LIGHTRED"You need to log in first.");
        return 0;
    }
    return 1;

Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help