mysql_real_escape_string...
#2

The function searches for quotes (', ") in the provided string and removes them. Here's an example:
Let's say you use this MySQL query to get someone's user stuff:
Code:
SELECT * FROM users WHERE name='John'
If someone found out the query, he could easily drop the table by changing his name, so the query might become:
Code:
SELECT * FROM users WHERE name='John'; DROP TABLE users; SELECT * FROM data WHERE 't'='t'
So now his name is
Code:
John'; DROP TABLE users; SELECT * FROM data WHERE 't'='t
Which obviously is a problem. mysql_real_escape_string removes the quotes, which prevents these things from happening.
Read more on SQL injection
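The following is an added, runnable illustration of the reply above; it is not code from the thread or from any MySQL library. It rebuilds the thread's two tables in an in-memory SQLite database (a constructed stand-in for MySQL), runs the concatenated query with the name from the post to show why the table disappears, and then shows the two defences: escaping the quote so the whole name stays inside one string literal, and, preferably, passing the name as a bound parameter so the driver never parses it as SQL. The escape_quotes helper is a deliberately minimal assumption (SQL-standard quote doubling), not a reimplementation of mysql_real_escape_string, which uses backslash escapes and also handles NUL bytes, newlines and the connection character set.

```python
import sqlite3

# Constructed sample input: the "name" from the post, which closes the string
# literal early and appends two more statements.
ATTACKER_NAME = "John'; DROP TABLE users; SELECT * FROM data WHERE 't'='t"


def fresh_db():
    """In-memory SQLite database holding the two tables the thread mentions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE data (id INTEGER PRIMARY KEY, t TEXT);
        INSERT INTO users (name) VALUES ('John'), ('Alice');
    """)
    return conn


def table_exists(conn, table):
    """True if a table of that name still exists in the database."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (table,)
    ).fetchone()
    return row is not None


def lookup_unsafe(conn, name):
    """Builds the query by string concatenation, exactly as in the thread.
    executescript() is used so that, like a MySQL client with multiple
    statements enabled, every statement in the string is executed.
    Returns whether the users table survived the query."""
    query = "SELECT * FROM users WHERE name='" + name + "'"
    conn.executescript(query)
    return table_exists(conn, "users")


def escape_quotes(value):
    """Assumed, minimal escaping helper: doubling a single quote is the
    SQL-standard way to keep it inside a string literal. It only shows the
    principle; it is not mysql_real_escape_string."""
    return value.replace("'", "''")


def lookup_escaped(conn, name):
    """Same concatenation, but the name is escaped first, so the attacker's
    quote no longer ends the literal and the DROP stays part of the name."""
    query = "SELECT * FROM users WHERE name='" + escape_quotes(name) + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, name):
    """Preferred form: the SQL text is fixed and the value travels separately,
    so no escaping is needed and the value can never become SQL."""
    return conn.execute("SELECT * FROM users WHERE name=?", (name,)).fetchall()


if __name__ == "__main__":
    db = fresh_db()
    print("unsafe, honest name, users still exists:", lookup_unsafe(db, "John"))
    db = fresh_db()
    print("unsafe, attacker name, users still exists:", lookup_unsafe(db, ATTACKER_NAME))
    db = fresh_db()
    print("escaped lookup of attacker name:", lookup_escaped(db, ATTACKER_NAME))
    print("parameterized lookup of attacker name:", lookup_parameterized(db, ATTACKER_NAME))
    print("users still exists after the safe lookups:", table_exists(db, "users"))
```

The escaped and parameterized lookups both return an empty result, because no user is literally named with the injected text, and the users table is untouched; only the concatenated version loses the table. Parameter binding is the form to reach for in new code, since it does not depend on getting every escape rule of the database right.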


Messages In This Thread
mysql_real_escape_string... - by Miguel - 06.01.2010, 22:14
Re: mysql_real_escape_string... - by bogeymanEST - 07.01.2010, 05:53
Re: mysql_real_escape_string... - by Miguel - 08.01.2010, 00:25
