30.01.2014, 18:01
Format is good overall.
MySQL_format is useful for creating queries for MySQL.
Format doesn't support %e, mysql_format does.
The %e is used for escaping strings to prevent mysql-injections.
It's basically identical to using mysql_real_escape_string.
The difference is that you first need to escape a string and store it in a variable, then insert the variable in a format, so you need 2 instructions to create escaped queries using format.
Using mysql_format and %e only requires 1 instruction so your code gets shorter and less complex.
As for speed, I haven't checked this yet.
pawn Code:
// Two instructions: escape the name into a second buffer, then insert that copy with %s.
new EscapedName[30], Query[128], Name[24];
GetPlayerName(playerid, Name, sizeof(Name));
mysql_real_escape_string(Name, EscapedName, ConnectionHandle);
format(Query, sizeof(Query), "INSERT INTO playerdata (PlayerName) VALUES ('%s')", EscapedName);
pawn Code:
// One instruction: %e escapes Name while the query is being formatted.
new Query[128], Name[24];
GetPlayerName(playerid, Name, sizeof(Name));
mysql_format(ConnectionHandle, Query, sizeof(Query), "INSERT INTO playerdata (PlayerName) VALUES ('%e')", Name);
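The equivalence described in the post, as an added example that is not part of the original post and not the plugin's own code: a small Python model that builds the same INSERT three ways (plain %s, escape then %s, and %e) so the resulting query text can be compared. The helper names `real_escape_string`, `fmt` and `allow_e` are hypothetical, the escape table is assumed to follow the MySQL C API rules for `mysql_real_escape_string`, and the sample name is constructed.

```python
# Model of the MySQL C API escaping rules (an assumption, not the plugin's source).
_ESCAPES = {
    "\0": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\x1a": "\\Z",
}


def real_escape_string(value: str) -> str:
    """Stand-in for mysql_real_escape_string: escape characters special inside a quoted literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def fmt(template: str, *args, allow_e: bool = False) -> str:
    """Minimal formatter: %s inserts as-is, %e (only when allow_e) inserts escaped, %% is a literal %."""
    out, it, i = [], iter(args), 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template):
            spec = template[i + 1]
            if spec == "%":
                out.append("%")
            elif spec == "s":
                out.append(str(next(it)))
            elif spec == "e" and allow_e:
                out.append(real_escape_string(str(next(it))))
            else:
                out.append(ch + spec)  # model choice: unsupported specifier is left untouched
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


SQL_S = "INSERT INTO playerdata (PlayerName) VALUES ('%s')"
SQL_E = "INSERT INTO playerdata (PlayerName) VALUES ('%e')"
name = "O'Brien"  # constructed sample input containing a quote

unescaped = fmt(SQL_S, name)                     # the quote ends the string literal early
two_step = fmt(SQL_S, real_escape_string(name))  # escape first, then format
one_step = fmt(SQL_E, name, allow_e=True)        # mysql_format-style %e in one call
```

With the plain %s version the quote in the name closes the literal after `O`, while the two-step and %e versions produce the same text with the quote escaped.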