Simple Question
#1

Hi all...

i have a question here...
which is better to formatting my mysql query? format or mysql_format?

and what is the different?
Reply
#2

I typically see it (and it's how I use it) as format. It's simply the way I learned so I know it works. I'm sure it's relatively the same and does the same thing, just possibly different syntax's.
Reply
#3

QUESTION: Why MySQL is better than the deafult one? And for me MYSQL is very hard to script -_-
Reply
#4

Quote:
Originally Posted by Trynda
Посмотреть сообщение
QUESTION: Why MySQL is better than the deafult one? And for me MYSQL is very hard to script -_-
I do not believe that the MYSQL_format is any better than regular formatting, it's just less lines of code. Just do a traditional format
pawn Код:
new string[128];
format(string, sizeof(string), "pCash = %d", pInfo[playerid][pCash]);
mysql_query(string) //this line isn't exact, it's just to get the point across
Reply
#5

Quote:
Originally Posted by nmader
Посмотреть сообщение
I do not believe that the MYSQL_format is any better than regular formatting, it's just less lines of code. Just do a traditional format
pawn Код:
new string[128];
format(string, sizeof(string), "pCash = %d", pInfo[playerid][pCash]);
mysql_query(string) //this line isn't exact, it's just to get the point across
thats why i made this thread, i don't believe that mysql_format has any better function. and i know that mysql_format has longer syntax than the traditional format.
is there any other different?

btw, your code is wrong(for me. becouse i use mysql_r38 :P).
Reply
#6

https://sampwiki.blast.hk/wiki/MySQL/R33#mysql_format and https://sampwiki.blast.hk/wiki/MySQL/R33..._escape_string (read the important note, it says about mysql_format).
Reply
#7

Quote:
Originally Posted by Konstantinos
Посмотреть сообщение
i found this

Quote:

Description:
Allows you to format a string which you can safely use in a query.

and this

pawn Код:
new query[128];
mysql_format(MySQL, query, sizeof(query), "SELECT * FROM `%s` WHERE `bar` = '%e' AND `foobar` = '%f' LIMIT %d", "foobar", "escape'me\"please", 1.2345, 1337);
// the variable 'query' contains now the formatted query (including the escaped string)
mysql_tquery(MySQL, query, "OnStuffSelected", "");
on the mysql_escape_string

Quote:

Always use this function (if you don't use mysql_format() with the '%e' specifier) before inserting user inputs in a query. You can be victim of a SQL injection if you do not do so.

it's mean that mysql_format is much safer than traditional format?
is that true?
Reply
#8

It escapes the special characters and it prevents you from being victim of SQL injection so yes - it's safer to use it.
Reply
#9

Quote:
Originally Posted by Konstantinos
Посмотреть сообщение
It escapes the special characters and it prevents you from being victim of SQL injection so yes - it's safer to use it.
nice...
i should use it from now...
thank's Konstantinos
Reply


Forum Jump:


Users browsing this thread: 4 Guest(s)