1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help

Threaded Mode
Preventing mysql Injection
ReshiramZekrom
Big Clucker
***
Posts: 132
Threads: 19
Joined: May 2012
Reputation: 0
#1

03.10.2016, 17:26
Hi.

How to prevent Mysql Injection?

I have to use mysql_escape_string() or I can simply do something like this:

PHP код:
format(Querysizeof(Query), "SELECT * FROM `users` WHERE `Nome` = '%e'"name); 
Thank you for the help
Find
Reply
Stinged
High-roller
*****
Posts: 1,578
Threads: 15
Joined: Feb 2013
Reputation: 0
#2

03.10.2016, 17:55
Use %e with mysql_format, %q with format.
Find
Reply
ReshiramZekrom
Big Clucker
***
Posts: 132
Threads: 19
Joined: May 2012
Reputation: 0
#3

03.10.2016, 18:08
Quote:
Originally Posted by Stinged
Посмотреть сообщение
Use %e with mysql_format, %q with format.
Using mysql_escape_string() it's the same thing of using %q instead of %s, right?
Find
Reply
« Next Oldest | Next Newest »


Forum Jump:


Users browsing this thread: 1 Guest(s)
  1. SA-MP Forums Archive
  2. SA-MP Scripting and Plugins
  3. Scripting Help