mysql_real_escape_string
#1

Hello, I'm working on a command that applies only to offline users. I have something like this:
Code:
CMD:auninviteoff(playerid, params[])
{
	if(gPlayerLogged[playerid] == 0) return SendClientMessage(playerid, COLOR_LIGHTRED, "You need to log in first.");
	if(PlayerInfo[playerid][pAdmin] >= 4)
	{
		// id and reason are read by sscanf as strings, so they need array storage
		new id[30], fp, reason[64], string[MAX_STRING];
		if(sscanf(params, "s[30]is[64]", id, fp, reason)) return SCM(playerid, -1, "Usage: /auninviteoff [name] [fp] [reason]");
		// escape is not declared in this snippet; it is assumed to be a string buffer declared elsewhere in the script
		mysql_real_escape_string(id, escape);
		mysql_format(SQL, string, sizeof string, "SELECT * FROM `users` WHERE `name` = '%s'", escape);
		mysql_tquery(SQL, string, "doUninviteAdminOff", "dsds", playerid, id, fp, reason);
	}
	return 1;
}
But I don't know if I need to use mysql_real_escape_string(id, escape); if I already call the function using mysql_tquery. Or should I use it in the function:
Code:
function doUninviteAdminOff(playerid, id[], fp, reason[]) { mysql_real_escape_string(id, escape); }
Basically, the command I used to change didn't call any function, it was just a command, and now I want to call a function to be quicker when I use this function from somewhere else.

If someone can help, please post here.
#2

mysql_format doesn't automatically escape strings, so don't assume it does. However mysql_format does offer an 'e' specifier for strings that handles escaping in-line.

So instead of "WHERE name = '%s'", you can use "WHERE name = '%e'", no need for mysql_real_escape_string if you use this. Note that this doesn't work with the regular format function within SA-MP (not that you should be using it for SQL queries anyway).
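The answer above applied to the command from post #1, as an added example that is not part of any post in the thread: `%e` escapes at the point where each query string is built, so the callback receives the raw name and escapes it again only if it builds another query. The `member` column, the UPDATE statement, the messages and the availability of `cache_num_rows()` in the installed plugin version are assumptions.

```pawn
// Added example. `member`, the UPDATE statement and the messages are assumed
// for illustration; SQL, PlayerInfo, gPlayerLogged, SCM, MAX_STRING and the
// sscanf format come from the thread.
CMD:auninviteoff(playerid, params[])
{
	if(gPlayerLogged[playerid] == 0) return SendClientMessage(playerid, COLOR_LIGHTRED, "You need to log in first.");
	if(PlayerInfo[playerid][pAdmin] < 4) return 1;

	new name[30], fp, reason[64], query[MAX_STRING];
	if(sscanf(params, "s[30]is[64]", name, fp, reason)) return SCM(playerid, -1, "Usage: /auninviteoff [name] [fp] [reason]");

	// %e escapes `name` while it is copied into the query text,
	// so no separate mysql_real_escape_string call is needed.
	mysql_format(SQL, query, sizeof query, "SELECT * FROM `users` WHERE `name` = '%e'", name);

	// The callback arguments are plain Pawn values, not SQL text,
	// so the raw (unescaped) name is what gets passed on.
	mysql_tquery(SQL, query, "doUninviteAdminOff", "dsds", playerid, name, fp, reason);
	return 1;
}

forward doUninviteAdminOff(playerid, name[], fp, reason[]);
public doUninviteAdminOff(playerid, name[], fp, reason[])
{
	#pragma unused fp, reason // not needed for the escaping demonstration

	// cache_num_rows() is assumed to exist in the installed plugin version.
	if(!cache_num_rows()) return SCM(playerid, -1, "No account with that name.");

	// A second query is a new SQL string, so the name is escaped again with %e.
	new query[MAX_STRING];
	mysql_format(SQL, query, sizeof query, "UPDATE `users` SET `member` = 0 WHERE `name` = '%e'", name);
	mysql_tquery(SQL, query);
	return 1;
}
```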
#3

Quote:
Originally Posted by Abagail
mysql_format doesn't automatically escape strings, so don't assume it does. However mysql_format does offer an 'e' specifier for strings that handles escaping in-line.

So instead of "WHERE name = '%s'", you can use "WHERE name = '%e'", no need for mysql_real_escape_string if you use this. Note that this doesn't work with the regular format function within SA-MP (not that you should be using it for SQL queries anyway).
Thanks for the answer!
#4

pls stop using this check in every command waste of time
if(gPlayerLogged[playerid] == 0) return SendClientMessage(playerid, COLOR_LIGHTRED, "You need to log in first.");
and also every query doesn't need to be threaded
PHP code:
new Cache:cq=mysql_query(SQL,s);
///
cache_delete(cq);
PHP code:
public OnPlayerCommandReceived(playerid,cmdtext[]){
    if(!gPlayerLogged[playerid]){
        SendClientMessage(playerid, COLOR_LIGHTRED, "You need to log in first.");
        return 0;
    }
    return 1;
}