sqlite escape string
#4

Quote:
Originally Posted by PrO.GameR
Because every string you send into SQL is a potential query (even when you are trying to store a string using a query), they can be manipulated to inject into your SQL, inserting data you don't want, retrieving or updating it, leading to many things; the worst is losing all the data you've got.
It's rare in sa-mp, but still better to be safe than sorry.

As a rule of thumb, whenever you want to save any string a player inserted (user, pass, etc.), escape it; it's not necessary to escape what you write in your own pawn code.
Rare? If you run a server of any kind of decent size for any extended period of time, you'll find out very quickly that it's not all that rare. Or, you won't find out and you'll just wonder how Jim Jones with 1 playing hour keeps getting $900m.

Worst case here is your database being dumped and posted online. If you don't have some kind of (preferably automatic) backup mechanism in place when your server is of decent size, then you deserve what you get.
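An added example, not part of the original thread: the same lookup built by plain concatenation, with quote escaping, and with a bound parameter, run against player-supplied names. Python's `sqlite3` module stands in for the SA-MP database natives here, and the table, helper names and sample values are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE players (name TEXT PRIMARY KEY, money INTEGER)")
    db.executemany("INSERT INTO players VALUES (?, ?)",
                   [("Alice", 100), ("Bob", 250), ("O'Neil", 50)])
    return db

def escape(value):
    # A single quote ends an SQLite string literal; doubling it keeps the
    # quote inside the literal instead of closing it.
    return value.replace("'", "''")

def lookup_concat(db, name):
    # Player input pasted straight into the query text (the unsafe form).
    sql = "SELECT name, money FROM players WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_escaped(db, name):
    # Same query text, but the input is escaped before it is pasted in.
    sql = "SELECT name, money FROM players WHERE name = '" + escape(name) + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    # Parameter binding: the value never becomes part of the SQL text.
    return db.execute("SELECT name, money FROM players WHERE name = ?",
                      (name,)).fetchall()

def run(fn, db, name):
    # Return the rows, or a short marker if SQLite rejects the statement.
    try:
        return fn(db, name)
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)

# Constructed player-supplied names.
APOSTROPHE = "O'Neil"        # legitimate name that contains a quote
QUOTED = "x' OR '1'='1"      # input that changes the WHERE clause

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_escaped, lookup_bound):
        for name in (APOSTROPHE, QUOTED):
            print(fn.__name__, repr(name), "->", run(fn, db, name))
```

With concatenation the legitimate name breaks the statement and the second input returns every row; the escaped and bound forms treat both inputs as plain names.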


Messages In This Thread
sqlite escape string - by DavidBilla - 22.10.2015, 08:19
Re: sqlite escape string - by PrO.GameR - 22.10.2015, 08:27
Re: sqlite escape string - by DaniceMcHarley - 22.10.2015, 08:37
Re: sqlite escape string - by rymax99 - 22.10.2015, 09:37
Re: sqlite escape string - by Vince - 22.10.2015, 09:48
Re: sqlite escape string - by PrO.GameR - 22.10.2015, 10:48
