SQL INJection
#5

Quote:
Originally Posted by Nin9r
It must be escaped?

Do you want to say that I can use %e like

HTML Code:
    format(saveQuery, sizeof(saveQuery), "UPDATE playeraccounts SET playerCarKM = '%e' WHERE playerID = '%d'",PlayerData[playerid][pCarKM],PlayerData[playerid][pInternalID]);
    mysql_tquery(handle,saveQuery);
instead of %d, %f (float) or any type?

PS: I searched INPUTTEXT on the entire GM and all the strings are escaped. How can I see where the problem is?
Every string given by a user MUST be escaped before executing a query with it, be it inputtext from a dialog or params from a command.

No, you cannot use it like that. Strings are for strings, integers for integers, and so on.

What is the problem in the first place? Were you a victim of SQL Injection?
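To show why the answer above insists on escaping and on matching types, here is an added example that is not from the thread or from the SA-MP MySQL plugin. It rebuilds the post's UPDATE on playeraccounts against a constructed in-memory SQLite table (standing in for MySQL) and contrasts the string-pasting pattern from the quoted Pawn code with a hardened form that type-checks playerID and playerCarKM and uses driver parameter binding in place of manual escaping.

```python
import sqlite3

# Constructed in-memory stand-in for the thread's MySQL 'playeraccounts' table.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE playeraccounts (playerID INTEGER PRIMARY KEY, playerCarKM REAL)")
    con.executemany("INSERT INTO playeraccounts VALUES (?, ?)", [(1, 10.0), (2, 20.0), (3, 30.0)])
    con.commit()
    return con

def save_km_unsafe(con, player_id, car_km):
    """Mirrors the quoted Pawn pattern: raw dialog text is pasted into the query,
    so any quote character inside the input becomes part of the SQL itself."""
    query = ("UPDATE playeraccounts SET playerCarKM = '%s' WHERE playerID = '%s'"
             % (car_km, player_id))
    cur = con.execute(query)
    con.commit()
    return cur.rowcount  # number of rows the UPDATE touched

def save_km_safe(con, player_id, car_km):
    """Hardened form: enforce the column types first (integers for integers,
    floats for floats), then let the driver bind the values as data, not SQL."""
    pid = int(player_id)   # ValueError for anything that is not an integer
    km = float(car_km)     # ValueError for anything that is not a number
    cur = con.execute("UPDATE playeraccounts SET playerCarKM = ? WHERE playerID = ?", (km, pid))
    con.commit()
    return cur.rowcount

def km_of(con, player_id):
    row = con.execute("SELECT playerCarKM FROM playeraccounts WHERE playerID = ?",
                      (player_id,)).fetchone()
    return row[0]

if __name__ == "__main__":
    # Constructed tampered dialog input: a stray quote turns the WHERE clause
    # into a tautology, so the unsafe query rewrites every player's record.
    tampered = "2' OR '1'='1"
    print("unsafe rows touched:", save_km_unsafe(make_db(), tampered, 99.0))  # 3
    try:
        save_km_safe(make_db(), tampered, 99.0)
    except ValueError:
        print("safe: rejected non-integer playerID before any query ran")
    print("safe rows touched:", save_km_safe(make_db(), "2", "99.0"))  # 1
```

The same split applies in the Pawn script: validate that a numeric field really parses as a number before it reaches the query, and only ever pass strings through an escaping routine.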


Messages In This Thread
SQL INJection - by Nin9r - 03.06.2016, 22:58
Re: SQL INJection - by SickAttack - 03.06.2016, 23:04
Re: SQL INJection - by Nin9r - 05.06.2016, 09:53
Re: SQL INJection - by Spmn - 05.06.2016, 10:46
Re: SQL INJection - by Konstantinos - 05.06.2016, 10:54
Re: SQL INJection - by Nin9r - 05.06.2016, 11:10
Re: SQL INJection - by Konstantinos - 05.06.2016, 11:19
Re: SQL INJection - by Nin9r - 05.06.2016, 11:22
Re: SQL INJection - by Noris - 05.06.2016, 15:09
Re: SQL INJection - by Nin9r - 05.06.2016, 15:24
