1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help

Threaded Mode
Saving usernames with '(' or ')' in mysql
DeathTone
Big Clucker
***
Posts: 154
Threads: 13
Joined: Dec 2010
Reputation: 0
#1

01.08.2012, 06:12
I've come across an issue where when a player joins with a '(' or a ')' symbol in their username, it does not register the username for some reason, how can I fix this?

pawn Код:
format(query, sizeof(query), "INSERT INTO players (user) VALUES('%s')", pname);
mysql_query(query);
Find
Reply
DeathTone
Big Clucker
***
Posts: 154
Threads: 13
Joined: Dec 2010
Reputation: 0
#2

01.08.2012, 06:28
Nevermind, it does save, I guess it was just an issue with my player stats webpage.
Find
Reply
Johnson_boy
Huge Clucker
***
Posts: 215
Threads: 25
Joined: Mar 2011
Reputation: 0
#3

01.08.2012, 09:40
That's called mysql injection. You should always escape any user input.

A mean player could join with name '); TRUNCATE TABLE `players`, and it would delete all your users.

So take a look at function mysql_real_escape_string
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help