Is it safe to include an un-escaped query into SQLite's query?
#1

I'm not great with SQLite, but as far as I'm aware, with MySQL you can escape any string you're using in a query within the database in order to prevent SQL injections from things such as names, inputs, et cetera. This can be done using mysql_escape_string and mysql_format (from BlueG's plugin and its MySQL library), as well as (handle)->real_escape_string() in PHP5. So my question is, how will it be safe to escape a string to be used with SQLite without taking parts of another plugin such as BlueG's?

I've not found any function like this by browsing a_sampdb.inc.
#2

%q specifier in format function.
#3

Quote:
Originally Posted by Konstantinos
%q specifier in format function.
Oh well, as simple as it gets! ;3

Thanks, appreciate it.
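Added example, not code from any poster in this thread: a lookup that builds its SQLite query with the %q specifier mentioned in post #2, next to the unescaped %s form for contrast. The users table, its columns, and the GetUserScore function are hypothetical, and the server's format() is assumed to support %q.

```pawn
#include <a_samp>
#include <a_sampdb>

// Hypothetical schema: CREATE TABLE users (name TEXT, score INTEGER)
// Returns true and sets score when a row for name exists.
stock bool:GetUserScore(DB:db, const name[], &score)
{
    // Size the buffer for the worst case: %q can double every character
    // of name, and a truncated query could cut an escaped quote in half.
    new query[160];

    // Unescaped form, for contrast: %s copies name verbatim, so a single
    // quote inside it closes the string literal and the rest is parsed as SQL.
    // format(query, sizeof query, "SELECT score FROM users WHERE name = '%s' LIMIT 1", name);

    // %q doubles each ' in name so it stays inside the literal. The
    // surrounding quotes are not added by %q; they stay in the format string.
    format(query, sizeof query, "SELECT score FROM users WHERE name = '%q' LIMIT 1", name);

    new DBResult:result = db_query(db, query);
    if (result == DBResult:0)
    {
        return false; // query failed
    }

    new bool:found = false;
    if (db_num_rows(result) > 0)
    {
        new field[12];
        db_get_field_assoc(result, "score", field, sizeof field);
        score = strval(field);
        found = true;
    }
    db_free_result(result);
    return found;
}
```

%q only protects values placed inside a quoted string literal; table names, column names and numeric fields built from input still need their own validation.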