[BittleRyan]

pawn Код:

new hashed[150], query[500];
WP_Hash(hashed, sizeof(hashed),inputtext);
mysql_real_escape_string(inputtext, hashed);
GetPlayerName(playerid, pInfo[playerid][pName], 24);
format(query, sizeof(query), "INSERT INTO `playerdata`(`user`, `password`, `age`, `email`) VALUES ('%s','%s',19,'noemail@yahoo.com')", pInfo[playerid][pName], hashed);
mysql_query(query);

Would this be the correct way to hash a password as well as prevent injection? Or if you are hashing it, do you even need to escape it?

[Patrick]

this is from my script. i think you dont need to escape it. as my one works fine. but wait for other people answer to get more ideas and suggestions

Taken From My Script

pawn Код:

new temppass[129];
WP_Hash(temppass, 129,inputtext);
format(Query,sizeof(Query),"INSERT INTO `users` (Username, Password) VALUES ('%s', '%s')",PlayerName(playerid),temppass);
mysql_query(Query);

[Scenario]

A whirlpool hash turns everything into a bunch of (seemingly) random letters and numbers. If you hash "DROP TABLE `accounts`", it's going to look something like this: SA2X28SH1S129DH12D8129EHD1289ED12H

So, there's no point in wasting the resources to escape the string.

[BittleRyan]

Quote:

Originally Posted by RealCop228 A whirlpool hash turns everything into a bunch of (seemingly) random letters and numbers. If you hash "DROP TABLE `accounts`", it's going to look something like this: SA2X28SH1S129DH12D8129EHD1289ED12H So, there's no point in wasting the resources to escape the string.

Was thinking that, thanks.