[Norn]

Quote:

Originally Posted by AndrewP Quote: Originally Posted by Faraday Quote: Originally Posted by DavidC Great tutorial, although I think it might be worth mentioning mysql_real_escape_string for things like passwords and other user inputted strings. Since I haven't used mysql_real_escape_string, can you explain it to me? If it's really important to know, I can add it to the tutorial. Not really important to know, since I don't think it's possible to SQL inject through SA-MP. But it's a function in PHP that allows a person to protect a form from SQL injection (a form of hacking where a hacker can use a SQL query to withdraw data from the database). And I have a suggestion: Code: mysql_query("SELECT `password` FROM `users` WHERE `username` = '%s'",PlayerName); They'll have to MD5 hash the string that they are comparing it to so it compares correctly. I think you should mention that. Thanks

Of course it is if they change there password string they could use it to sql inject.