23.05.2014, 12:17
Quote:
https://sampwiki.blast.hk/wiki/MySQL/R33#mysql_format and https://sampwiki.blast.hk/wiki/MySQL/R33..._escape_string (read the important note, it says about mysql_format).
Quote:
Description: Allows you to format a string which you can safely use in a query.
pawn Code:
new query[128];
// '%s' is inserted verbatim, '%e' is escaped, '%d' and '%f' print numbers
mysql_format(MySQL, query, sizeof(query), "SELECT * FROM `%s` WHERE `bar` = '%e' AND `foobar` = '%f' LIMIT %d", "foobar", "escape'me\"please", 1.2345, 1337);
// the variable 'query' now contains the formatted query (including the escaped string)
mysql_tquery(MySQL, query, "OnStuffSelected", "");
Quote:
Always use this function (if you don't use mysql_format() with the '%e' specifier) before inserting user inputs in a query. You can be victim of a SQL injection if you do not do so.
Is that true?
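To make the difference between '%s' and '%e' visible, here is an added example (Python, not code from the post above or from the MySQL plugin): a small stand-in for mysql_format plus a scanner that lists the single-quoted literals of the finished query, so you can see whether an injected quote stayed inside the literal or broke out of it. It assumes '%e' escapes the same characters as mysql_real_escape_string; the '%f' rendering is a guess and nothing below depends on it. The attacker input is constructed for the demo.

```python
"""Added illustration (not the forum post's or the MySQL plugin's code):
a Python stand-in for mysql_format's '%s' and '%e' specifiers, plus a scanner
that lists the string literals of the finished query so you can see where an
injected quote ends up. '%e' is assumed to escape like mysql_real_escape_string;
'%f' formatting is a guess and is not relied on below."""

# Characters mysql_real_escape_string rewrites (assumed to match the plugin's %e).
_ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
            "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
# Reverse map used by the scanner when it decodes a backslash sequence.
_UNESCAPES = {"0": "\0", "n": "\n", "r": "\r", "Z": "\x1a"}


def escape_string(value: str) -> str:
    """Backslash-escape `value` so it cannot terminate a MySQL string literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def format_query(fmt: str, *args) -> str:
    """Minimal mysql_format: %s verbatim, %e escaped, %d/%f numeric, %% literal."""
    out, i, argi = [], 0, 0
    while i < len(fmt):
        ch = fmt[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        spec = fmt[i + 1] if i + 1 < len(fmt) else ""
        i += 2
        if spec == "%":
            out.append("%")
            continue
        arg = args[argi]
        argi += 1
        if spec == "s":          # inserted as-is: only safe for trusted values
            out.append(str(arg))
        elif spec == "e":        # escaped: safe inside a quoted literal
            out.append(escape_string(str(arg)))
        elif spec == "d":        # integers cannot carry quote characters
            out.append(str(int(arg)))
        elif spec == "f":        # assumed C-style "%f" rendering (six decimals)
            out.append("%f" % float(arg))
        else:
            raise ValueError("unsupported specifier %" + spec)
    return "".join(out)


def string_literals(query: str) -> list:
    """Return the decoded contents of each single-quoted literal in `query`.

    Handles backslash escapes and doubled quotes ('' inside a literal), which is
    MySQL's default behaviour (NO_BACKSLASH_ESCAPES off). Comments, double-quoted
    strings and backtick identifiers are not parsed; the demo does not need them.
    """
    literals, i, n = [], 0, len(query)
    while i < n:
        if query[i] != "'":
            i += 1
            continue
        i += 1
        buf = []
        while i < n:
            c = query[i]
            if c == "\\" and i + 1 < n:
                buf.append(_UNESCAPES.get(query[i + 1], query[i + 1]))
                i += 2
            elif c == "'" and i + 1 < n and query[i + 1] == "'":
                buf.append("'")
                i += 2
            elif c == "'":
                i += 1
                break
            else:
                buf.append(c)
                i += 1
        literals.append("".join(buf))
    return literals


# Constructed attacker input for the `bar` column.
PAYLOAD = "' OR '1'='1"
FMT_UNSAFE = "SELECT * FROM `%s` WHERE `bar` = '%s' LIMIT %d"   # value via %s
FMT_SAFE = "SELECT * FROM `%s` WHERE `bar` = '%e' LIMIT %d"     # value via %e


def build(escaped: bool, value: str = PAYLOAD) -> str:
    """Build the query: table name from a constant, `bar` value from input."""
    return format_query(FMT_SAFE if escaped else FMT_UNSAFE, "foobar", value, 1337)


def value_stays_in_literal(escaped: bool, value: str = PAYLOAD) -> bool:
    """True when the whole input landed in exactly one string literal."""
    return string_literals(build(escaped, value)) == [value]


if __name__ == "__main__":
    for escaped in (False, True):
        q = build(escaped)
        print(q)
        print("  literals:", string_literals(q), "contained:", value_stays_in_literal(escaped))
```

With '%s' the payload produces three literals ('', '1', '1') and the OR lands outside the quotes; with '%e' the whole payload is one literal. Note the limits this also shows: the table name in the wiki snippet goes through '%s' and is inserted verbatim, and escaping does not touch backticks, so identifiers and any non-quoted position still have to come from a whitelist, not from the client; '%e' only protects a value that sits between quotes in the format string.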