sscanf
#6

Even though sscanf won't escape text entered by a player, when you use the variable's contents in a query, escape it using the %e identifier instead of %s inside mysql_format.

Something like this:
pawn Code:
new Query[128]; // buffer for the formatted query

// sscanf returns 0 on success, so only run the query when parsing succeeded
if (!sscanf(params, "s[25]", VariableFP[ playerid ] ))
{
    // %e escapes VariableFP for SQL; %s would insert the player's text verbatim
    mysql_format(SQL_db, Query, sizeof(Query), "UPDATE playerdata SET VarFP = '%e' WHERE ID = '%i'", VariableFP[playerid], ID);
    mysql_tquery(SQL_db, Query, "", "");
    return 1;
}
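The same pattern as a complete command handler, added here as an example that is not from the original post: it shows sscanf's return-value convention and puts the unsafe %s form next to the escaped %e form. It assumes sscanf2, zcmd and an R39+ MySQL plugin, and the names SQL_db, PlayerID[] and the playerdata table are made up for illustration.

```pawn
#include <a_samp>
#include <a_mysql>
#include <sscanf2>
#include <zcmd>

new MySQL:SQL_db;           // connection handle, assumed opened elsewhere
new PlayerID[MAX_PLAYERS];  // database row id per player, assumed set on login

CMD:setfp(playerid, params[])
{
    new fp[25], query[160];

    // sscanf returns 0 on success; anything else means the input did not parse
    if (sscanf(params, "s[25]", fp))
        return SendClientMessage(playerid, -1, "Usage: /setfp [text]");

    // UNSAFE: %s copies the text verbatim, so a quote in fp ends the string
    // literal and whatever follows is interpreted as SQL.
    // mysql_format(SQL_db, query, sizeof(query),
    //     "UPDATE playerdata SET VarFP = '%s' WHERE ID = %i", fp, PlayerID[playerid]);

    // SAFE: %e escapes the player-supplied text for this connection's charset
    mysql_format(SQL_db, query, sizeof(query),
        "UPDATE playerdata SET VarFP = '%e' WHERE ID = %i", fp, PlayerID[playerid]);
    mysql_tquery(SQL_db, query);
    return 1;
}
```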


Messages In This Thread
sscanf - by Banditukas - 10.01.2015, 17:41
Re: sscanf - by bgedition - 10.01.2015, 17:48
Re: sscanf - by Banditukas - 10.01.2015, 17:52
Re: sscanf - by bgedition - 10.01.2015, 18:09
Re: sscanf - by Banditukas - 10.01.2015, 18:16
Re: sscanf - by PowerPC603 - 10.01.2015, 18:44
Re: sscanf - by Banditukas - 10.01.2015, 19:05
Re: sscanf - by bgedition - 10.01.2015, 19:16
