mysql_real_escape_string...
#1

What does mysql_real_escape_string do? I just searched a bit but I didn't really understand what is it for. I use it like:

pawn Code:
mysql_real_escape_string(PlayerInfo[playerid][PlayerName], PlayerInfo[playerid][PlayerName]);
But I don't even know why :P... explain please? kthnx bye bye.
#2

The function searches for quotes (', ") in the provided string and removes them. Here's an example:
Let's say you use this MySql query to get someone's user stuff:
Code:
SELECT * FROM users WHERE name='John'
If someone found out the query, he could easily drop the table by changing his name, so the query might become:
Code:
SELECT * FROM users WHERE name='John'; DROP TABLE users; SELECT * FROM data WHERE 't'='t'
So now his name is
Code:
John'; DROP TABLE users; SELECT * FROM data WHERE 't'='t
Which obviously is a problem. mysql_real_escape_string removes the quotes, which prevents these things from happening.
Read more on SQL injection
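The example below is added here and is not code from the thread or from the SA-MP MySQL plugin. It is a small Python re-implementation of the escaping rules documented for the MySQL C API's mysql_real_escape_string (assumed default SQL mode, i.e. backslash escapes enabled), plus a toy statement counter (an assumption for demonstration, not a real MySQL parser). It takes the injected name from the post above and shows why the spliced-in query stops being three statements once the value is escaped: the function does not strip the quote, it prefixes it with a backslash so the server reads it as a literal character instead of the end of the string.

```python
# Added example (not from the forum thread or the SA-MP MySQL plugin): a
# Python re-implementation of the escaping rules documented for the MySQL C
# API's mysql_real_escape_string, used to show why the injected name from the
# thread stops being a second statement once it is escaped.
# Assumptions: default SQL mode (backslash escapes enabled, not
# NO_BACKSLASH_ESCAPES); count_statements is a deliberately simple scanner
# for demonstration, not a full MySQL parser.

# Characters mysql_real_escape_string rewrites, per the MySQL C API docs.
_ESCAPES = {
    "\0": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\x1a": "\\Z",
}

QUERY_TEMPLATE = "SELECT * FROM users WHERE name='{}'"

# The attacker-chosen name from the thread (constructed input for this demo).
INJECTED_NAME = "John'; DROP TABLE users; SELECT * FROM data WHERE 't'='t"


def escape_mysql(value: str) -> str:
    """Backslash-escape a value the way mysql_real_escape_string does.

    Quotes are kept, not removed: a quote becomes \\' so the server reads it
    as a literal character instead of the end of the string literal.
    """
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_query(name: str, escape: bool = True) -> str:
    """Splice a player name into the lookup query, with or without escaping."""
    return QUERY_TEMPLATE.format(escape_mysql(name) if escape else name)


def count_statements(sql: str) -> int:
    """Count top-level statements by finding ';' outside quoted literals.

    Tracks whether the scanner is inside a '...' or "..." literal and skips
    backslash-escaped characters inside it (MySQL default semantics).
    """
    count = 1
    quote = None
    i = 0
    while i < len(sql):
        ch = sql[i]
        if quote is not None:
            if ch == "\\":
                i += 2          # an escaped character never closes the literal
                continue
            if ch == quote:
                quote = None
        elif ch in ("'", '"'):
            quote = ch
        elif ch == ";" and sql[i + 1:].strip():
            count += 1          # another statement follows this separator
        i += 1
    return count


if __name__ == "__main__":
    unsafe = build_query(INJECTED_NAME, escape=False)
    safe = build_query(INJECTED_NAME)
    print("unescaped:", unsafe, "->", count_statements(unsafe), "statement(s)")
    print("escaped:  ", safe, "->", count_statements(safe), "statement(s)")
```

Two things worth keeping in mind when using the real function: escaping only protects values that are placed inside quoted string literals, so a value spliced into a numeric or unquoted position gains nothing from it, and the escaped output can be longer than the input (the MySQL C API requires a destination buffer of at least twice the input length plus one byte), so the destination has to be sized for that. Where the MySQL library in use supports prepared statements with bound parameters, those avoid the string-splicing problem altogether.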
#3

That's what I thought, cleaning the string...

Thanks!