Mysql escape string
#1

I'm not sure how to use escape strings because I don't know the way they work.
So if someone can give me a CORRECT example and EXPLAIN SQL escape strings, I will be grateful.

Here is how I use them, but I don't think it's correct:
pawn Code:
    new Query[128],QueryEsc[128];
    format(Query, sizeof(Query),"SELECT * FROM `samp_users` WHERE `UserName`='%s' AND `Password`='%s'", UserNameString, PasswordString);
    mysql_query(Query);
    mysql_real_escape_string(Query, QueryEsc);
    mysql_store_result();
    if(mysql_num_rows())
    {
        mysql_fetch_row_format(Query);
        printf("%s", Query);
    }
Please do not try to help if you just THINK you know these. Thx
#2

Basically, escaping a string is used to prevent SQL injection by adding a backslash to SQL statements found in a string, so they will not interrupt the query. Your problem is that you escape the query, disabling ALL statements. You only need to escape the input.
#3

So in this case I only need to escape UserNameString and PasswordString?
pawn Code:
mysql_real_escape_string(UserNameString , UserNameStringEscape);
mysql_real_escape_string(PasswordString, PasswordStringEscape);
mysql_query(................
Is this right?
#4

Yerp (don't forget to still format the query). AFAIK, you can escape a string to the same string, like:
pawn Code:
mysql_real_escape_string(UserNameString , UserNameString);
mysql_real_escape_string(PasswordString, PasswordString);
#5

Quote:
Originally Posted by Hiddos
Yerp (don't forget to still format the query). AFAIK, you can escape a string to the same string, like:
pawn Code:
mysql_real_escape_string(UserNameString , UserNameString);
mysql_real_escape_string(PasswordString, PasswordString);
Thank you very much for helping me understand these.
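
What post #2 describes, as an added example in C that is not part of the thread: it escapes each input before formatting and, for contrast, shows what happens to the query's own quotes when the whole query is escaped. `escape_sql` is a simplified stand-in for `mysql_real_escape_string` (no character-set handling); `build_query`, `live_quotes`, `MAX_IN` and the sample inputs are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#define QUERY_FMT "SELECT * FROM `samp_users` WHERE `UserName`='%s' AND `Password`='%s'"
#define MAX_IN 64 /* assumed input length limit for this example */

/* Simplified stand-in for mysql_real_escape_string (no charset handling):
   backslash-escapes \ ' " newline, CR and Ctrl-Z. dst needs 2*strlen(src)+1. */
void escape_sql(const char *src, char *dst) {
    for (; *src; src++)
        switch (*src) {
        case '\n': *dst++ = '\\'; *dst++ = 'n'; break;
        case '\r': *dst++ = '\\'; *dst++ = 'r'; break;
        case 0x1a: *dst++ = '\\'; *dst++ = 'Z'; break;
        case '\\': case '\'': case '"': *dst++ = '\\'; /* fall through */
        default:   *dst++ = *src;
        }
    *dst = '\0';
}

/* Correct order: escape each input, then format it into the query. */
int build_query(char *out, size_t outsz, const char *user, const char *pass) {
    char u[2 * MAX_IN + 1], p[2 * MAX_IN + 1];
    if (strlen(user) > MAX_IN || strlen(pass) > MAX_IN) return -1;
    escape_sql(user, u);
    escape_sql(pass, p);
    int len = snprintf(out, outsz, QUERY_FMT, u, p);
    return (len < 0 || (size_t)len >= outsz) ? -1 : len;
}

/* Counts single quotes not preceded by a backslash, the ones MySQL still
   treats as string delimiters. The query template itself has exactly four. */
int live_quotes(const char *q) {
    int n = 0;
    for (; *q; q++) {
        if (*q == '\\' && q[1]) q++; /* skip the escaped character */
        else if (*q == '\'') n++;
    }
    return n;
}

int main(void) {
    char raw[512], good[512], whole[1024];
    snprintf(raw, sizeof raw, QUERY_FMT, "O'Neil", "secret"); /* constructed input */
    build_query(good, sizeof good, "O'Neil", "secret");
    escape_sql(raw, whole); /* escaping the whole query instead of the input */
    printf("unescaped   %d  %s\n", live_quotes(raw), raw);
    printf("input only  %d  %s\n", live_quotes(good), good);
    printf("whole query %d  %s\n", live_quotes(whole), whole);
}
```

A count of four means only the template's own delimiters are active; five means the apostrophe in the name has unbalanced the query, and zero means the query's own delimiters were escaped away.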