Anti SQL Injection, how it works on samp

Hi, I'm kinda new to this, so I'm asking you people: how can I protect my server from SQL injections? I do have a gamemode (just playing around with it) and saw some people talking about SQL injections, so I began to get a bit worried.

I looked over the internet and saw an injection in /changepass:
 ', playerMoney = '1' WHERE playerName = 'x' #
I tried to do it on my server and it didn't work, yay. My question is: how can someone inject into your DB (commands, etc.), and how do I protect it? I don't want a tutorial though, just general knowledge.

Thank you!!

With SQLite use %q for strings in format(), with MySQL use %e for strings in mysql_format. That's sufficient. In other languages (e.g. PHP) use prepared queries.


Yeah... figured out I have a %s vulnerability and it crashes my server :S

Mind helping me, please? I added this below the last #include

I tried to add this:

static const antisqlinjection[][] = {

and this to public OnDialogResponse, right below public OnDialogResponse(playerid, dialogid, response, listitem, inputtext[])

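for(new i; i < sizeof(antisqlinjection); i++) {
    // Stop handling the dialog only when the input contains a listed string (case-insensitive search).
    if(strfind(inputtext, antisqlinjection[i], true) != -1) {
        SCM(playerid, COLOR_YELLOW, " There are also allowed characters.");
        return 1;
    }
}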

I can make another thread if needed, but please help :S the compiler just crashes.

mysql_real_escape_string or mysql_format with %e for user input strings.
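
The advice in the replies above, as an added example that is not part of the original thread: a /changepass query built with format() and %s next to the same query built with mysql_format and %e. It assumes the BlueG MySQL plugin with its R41-style natives; the handle g_SQL, the table name accounts, the column playerPass and both function names are hypothetical, while playerMoney and playerName come from the question.

```pawn
#include <a_samp>
#include <a_mysql>

// Assumed: set by mysql_connect() in OnGameModeInit (hypothetical name).
new MySQL:g_SQL;

// Before: player input is pasted into the statement with %s.
// With the input quoted in the question, the server would send
//   UPDATE accounts SET playerPass = '', playerMoney = '1'
//   WHERE playerName = 'x' #' WHERE playerName = '<name>'
// The quote in the input ends the string literal early, and '#' turns
// the rest of the statement (the real WHERE clause) into a comment.
stock ChangePass_Vulnerable(playerid, const newpass[])
{
    new query[256], name[MAX_PLAYER_NAME + 1];
    GetPlayerName(playerid, name, sizeof(name));
    format(query, sizeof(query),
        "UPDATE accounts SET playerPass = '%s' WHERE playerName = '%s'",
        newpass, name);
    mysql_tquery(g_SQL, query);
    return 1;
}

// After: mysql_format with %e escapes quotes and backslashes in each
// argument, so the whole input stays inside the string literal and is
// stored as data. The placeholders must still sit between single quotes.
stock ChangePass_Escaped(playerid, const newpass[])
{
    // Escaping can lengthen the input, so size the buffer for the
    // worst case instead of the typical case.
    new query[512], name[MAX_PLAYER_NAME + 1];
    GetPlayerName(playerid, name, sizeof(name));
    mysql_format(g_SQL, query, sizeof(query),
        "UPDATE accounts SET playerPass = '%e' WHERE playerName = '%e'",
        newpass, name);
    mysql_tquery(g_SQL, query);
    return 1;
}
```

The player name is escaped as well, since it is also chosen by the player. Password hashing is left out to keep the example on escaping.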
