Space in Inputtext
#1

Hi all, I have a problem with "hackers" who keep deleting my accounts by using drop table... All I want to know is how to check whether inputtext has a space or not. Can anyone help me please?
Reply
#2

It's called mySQL injection. You need to use mysql_real_escape_string on inputtext.
Reply
#3

I use SQLite, and he/she uses one command to put in this string. The command is /movestats, and this command has access to my database, and if anyone types a string like "drop...." or "update" or something like this, it will execute it in the database. That is why I want to check whether anyone uses a space, so they can't, or... whether inputtext contains this: "'; UPDATE users....." or "\inj "Jay'; DROP....".
Reply
#4

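pawn Code:
// Escapes a string for use inside a single-quoted SQLite literal
// by doubling every single quote.
stock DB_Escape(text[])
{
    new
        ret[80 * 2],
        ch,
        i,
        j;
    while ((ch = text[i++]) && j < sizeof (ret))
    {
        if (ch == '\'')
        {
            // Write the doubled quote only if both characters fit;
            // otherwise the quote is dropped.
            if (j < sizeof (ret) - 2)
            {
                ret[j++] = '\'';
                ret[j++] = '\'';
            }
        }
        else if (j < sizeof (ret))
        {
            ret[j++] = ch;
        }
        else
        {
            j++;
        }
    }
    // Always terminate the string, truncating overlong input.
    ret[sizeof (ret) - 1] = '\0';
    return ret;
}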
more @ https://sampforum.blast.hk/showthread.php?tid=449536
Reply
#5

You don't need to check for spaces. You need to escape the string. It appears the SQLite package doesn't have this function though.

You'll need to define it yourself: https://sampwiki.blast.hk/wiki/Escaping_Strings_SQLite

EDIT: newbienoob beat me to it. Fucking post limit ;_;
Reply
#6

Ty, but I already use db_escape, but for inputtext idk how / where to add this... because I use db_escape only here

BUD::GetNameUID(DB_Escape(inputtext));
BUD::GetNameUID(DB_Escape(PlayerName(playerid)));

and... here

if(BUD::IsNameRegistered(inputtext) == false) return
SendClientMessage(playerid, red, "ERROR: The nickname that you Specified doesn't have an Account!");


EDIT: Solved, ty for the help, +rep. I made:

if(BUD::IsNameRegistered(DB_Escape(inputtext)) == false) return
SendClientMessage(playerid, red, "ERROR: The nickname that you Specified doesn't have an Account!");
Reply
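Why escaping, rather than a check for spaces, closes the hole discussed in this thread, as an added example that is not from any poster: a Python port of the DB_Escape logic from post #4, run against an in-memory SQLite database. The `users` table, its columns, the sample payload and the helper names are constructed, and `executescript()` stands in for a query call that runs every statement in the string.

```python
import sqlite3

def db_escape(text, size=160):
    """Python port of the thread's DB_Escape: double every ' and cap the
    result at size-1 characters (the Pawn buffer is ret[80 * 2])."""
    out, n = [], 0
    for ch in text:
        if n >= size:
            break
        if ch == "'":
            if n < size - 2:          # room for the pair, else drop the quote
                out.append("''")
                n += 2
        else:
            out.append(ch)
            n += 1
    return "".join(out)[:size - 1]    # last cell holds the terminator

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (name TEXT, score INTEGER);
        INSERT INTO users VALUES ('Jay', 10);
        INSERT INTO users VALUES ('O''Neil', 7);
    """)
    return db

def lookup_sql(name):
    # Query built by concatenation, the way a script formats its SQL string.
    return "SELECT score FROM users WHERE name = '" + name + "';"

def users_table_exists(db):
    q = "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'users'"
    return db.execute(q).fetchone()[0] == 1

def run_unescaped(db, inputtext):
    # Assumption: the server's query call runs every statement in the string;
    # executescript() emulates that.
    db.executescript(lookup_sql(inputtext))
    return users_table_exists(db)

def run_escaped(db, inputtext):
    rows = db.execute(lookup_sql(db_escape(inputtext))).fetchall()
    return rows, users_table_exists(db)

if __name__ == "__main__":
    payload = "Jay'; DROP TABLE users; --"   # constructed, modeled on post #3
    print("unescaped, table survives:", run_unescaped(make_db(), payload))
    print("escaped:", run_escaped(make_db(), payload))
    print("name with a quote:", run_escaped(make_db(), "O'Neil"))
```

With the quote doubled, the whole input, spaces included, is compared as one string literal, so the lookup finds no such account and a legitimate name containing an apostrophe still matches.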

