20.02.2014, 04:23
(Last edited by PowerPC603; 20.02.2014 at 05:18.)
Since the inputted password is hashed using Whirlpool, you only get a long string of 128 characters as a result.
Such a hash only consists of characters from A-Z and numbers 0-9.
There won't be any character in it that needs to be escaped, so you can safely use %s.
Even if the player entered a password like "; DROP TABLE joueurs" that could delete your table, the entire string is converted into a hashed one and SQL injection is automatically avoided.
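
The claim in the post above, shown as an added example that is not part of the original post: the password text is replaced by a fixed-length hex digest before it reaches the `%s`, and the digest's shape is checked first. SHA-512 from Python's `hashlib` stands in for Whirlpool here (both produce 128 hexadecimal characters); the SQLite database, the column names and the sample row are assumptions made for the demonstration.

```python
import hashlib
import re
import sqlite3

# The property the post relies on: exactly 128 characters, all hexadecimal.
HEX_DIGEST = re.compile(r"[0-9A-F]{128}")
# Table name is from the post; the columns are assumed for this example.
TEMPLATE = "SELECT name FROM joueurs WHERE password = '%s'"


def hash_password(password: str) -> str:
    # Stand-in for Whirlpool: SHA-512 also yields 128 hex characters.
    return hashlib.sha512(password.encode("utf-8")).hexdigest().upper()


def build_query(password: str) -> str:
    digest = hash_password(password)
    # Verify the digest shape before formatting it in with a plain %s.
    if not HEX_DIGEST.fullmatch(digest):
        raise ValueError("digest is not a 128-character hex string")
    return TEMPLATE % digest


def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE joueurs (name TEXT, password TEXT)")
    # Constructed sample row.
    db.execute("INSERT INTO joueurs VALUES (?, ?)",
               ("Player1", hash_password("hunter2")))
    hostile = "; DROP TABLE joueurs"  # password text quoted in the post
    no_match = db.execute(build_query(hostile)).fetchall()
    match = db.execute(build_query("hunter2")).fetchall()
    tables = db.execute(
        "SELECT name FROM sqlite_master WHERE type='table'").fetchall()
    db.close()
    return no_match, match, tables


if __name__ == "__main__":
    print(build_query("; DROP TABLE joueurs"))
    print(demo())
```
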