1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help

Linear Mode
Small SQL problem
HarrisonC
Big Clucker
***
Posts: 72
Threads: 9
Joined: Aug 2012
Reputation: 0
#4

07.01.2016, 23:41
Quote:
Originally Posted by AmigaBlizzard
Посмотреть сообщение
Don't use "%s" for a player's name, always use %e to prevent mysql injections.
If a player would enter a name like
PHP код:
";DROP TABLE players;" 
, your database is gone without warning if you use %s for user-inputted text.

As for the problem, %i or %d would be fine as Harrison said, without the ' around it.
You only need to use a value between ' when it's a string.
Assumed he would've escaped the string beforehand.
I like to do that just to be sure
Find
Reply
« Next Oldest | Next Newest »


Messages In This Thread
Small SQL problem - by TwinkiDaBoss - 07.01.2016, 21:09
Re: Small SQL problem - by HarrisonC - 07.01.2016, 21:22
Re: Small SQL problem - by AmigaBlizzard - 07.01.2016, 22:22
Re: Small SQL problem - by HarrisonC - 07.01.2016, 23:41
Re: Small SQL problem - by TwinkiDaBoss - 08.01.2016, 22:26

Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help