Where to use mysql_real_escape_string
#1

Hello,
I started to change my mode to using MySQL .
But I don't understand where to use the func - mysql_real_escape_string
Everytime when player text(onplayertext,dialogs,onplayercommandtext)
Or only when we take a input to mysql from the player?
Reply
#2

Well...whenever I want to store some player data in my mysql I use the "INSERT INTO" function...I'm more accustomed to it as for that function I am not really sure where to use it.
Reply
#3

mysql_real_escape_string is a function for avoid SQL injection http://it.wikipedia.org/wiki/SQL_injection

You have to use it when a player input a text directly to a query

EXAMPLE:

pawn Code:
new escapedtext[128];
mysql_real_escape_string(inputfromplayer, escapedtext);
myquerywithformat("INSERT INTO something (yea) VALUES('%s')",escapedtext);
Reply
#4

Usefull stock:
instead of typing mysql_real_escape_string all the time
pawn Code:
stock EscapeString(const string[])
{
    new escpass[128];
    mysql_real_escape_string(string, escpass);
    return escpass;
}
Reply
#5



Just like people who use SCM for SendClientMessage. Just type it out already.
Reply
#6

Actually write SendClientMessage is more faster than SCM, the S and C are to close, and my fingers are like "aaargh"
Reply
#7

So InPlayerText I don;t need to put this?
cuz in wiki samp theri example are in OnPlayerText
Reply
#8

If you send a query with the player text yea you do
Reply


Forum Jump:


Users browsing this thread: 4 Guest(s)