What are the benefits of having a MySQL Database?
#7

Example.

pawn Code:
public OnPlayerLogin(playerid, password[])
{
    new query[256];
    // The password is formatted straight into the SQL text without any escaping,
    // so quote characters in it become part of the query itself.
    format(query, sizeof(query), "SELECT * FROM `players` WHERE name=SOMENAME AND password='%s'",
        password);
    //...
}
Now if someone inputs
Quote:

haha' OR 'this' = 'this

the query would look like
Code:
SELECT * FROM `players` WHERE name=SOMENAME AND password='haha' OR 'this' = 'this'
which would always be true, so a player could log in without knowing the password.

So escaping the string would return the following result
Code:
haha\' OR \'this\' = \'this
and the query wouldn't be true anymore, so you couldn't log in with any password.

You can read many articles about SQL injections around the internet and how to prevent them.
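As an added example (not code from the post above), the same login check written in Python against a constructed in-memory SQLite table: the first function splices the password into the SQL text exactly like the post's format() call, the second passes it as a bound parameter, which is the stronger fix than hand escaping because the database driver never parses the input as SQL. The table row and the 'correct horse' password are made up for the demo.

```python
import sqlite3

# Constructed stand-in for the `players` table the post queries.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE players (name TEXT, password TEXT)")
    conn.execute("INSERT INTO players VALUES ('SOMENAME', 'correct horse')")
    return conn

def login_unsafe(conn, name, password):
    # Mirrors the post's format() call: user input becomes part of the SQL text,
    # so a quote in the password closes the literal and the rest is parsed as SQL.
    query = "SELECT * FROM players WHERE name='%s' AND password='%s'" % (name, password)
    return conn.execute(query).fetchone() is not None

def login_safe(conn, name, password):
    # Parameterized query: the driver binds the values separately from the SQL,
    # so the whole input is compared as one string, quotes included.
    query = "SELECT * FROM players WHERE name=? AND password=?"
    return conn.execute(query, (name, password)).fetchone() is not None

if __name__ == "__main__":
    conn = make_db()
    payload = "haha' OR 'this' = 'this"   # the input from the post
    print("unsafe, injected input:", login_unsafe(conn, "SOMENAME", payload))  # True
    print("safe,   injected input:", login_safe(conn, "SOMENAME", payload))    # False
    print("safe,   real password: ", login_safe(conn, "SOMENAME", "correct horse"))  # True
```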