PHP Code:
#define SECURE_NAME_LEN 31 * 2 + 1 // Twice as long as name (31 * 2 + zero terminator) in case all 31 characters are insecure
GetSecureName(const name[])
{
new secureName[SECURE_NAME_LEN];
copy(secureName, charsmax(secureName), name);
replace_all(secureName, charsmax(secureName), "\", "\\");
replace_all(secureName, charsmax(secureName), "`", "\`");
replace_all(secureName, charsmax(secureName), "'", "\'");
return secureName;
}
Usage:
PHP Code:
new name[32];
get_user_name(client, name, charsmax(name));
SQL_ThreadQuery(Tuple, "OnQuery", "INSERT INTO Names VALUES('%s')", GetSecureName(name));
PHP Code:
new name[SECURE_NAME_LEN];
get_user_name(client, name, charsmax(name));
name = GetSecureName(name);