hleV
Veteran Member
Join Date: Mar 2007
Location: Lithuania
Old 12-07-2012 , 12:57   Re: Automatically escape the characters that need to be for sql query
#7

PHP Code:
#define SECURE_NAME_LEN 31 * 2 + 1 // Twice as long as name (31 * 2 + zero terminator) in case all 31 characters are insecure

GetSecureName(const name[])
{
    new secureName[SECURE_NAME_LEN];

    copy(secureName, charsmax(secureName), name);

    // Backslash first, so the backslashes inserted by the two replacements below are not doubled again
    replace_all(secureName, charsmax(secureName), "\\", "\\\\");
    replace_all(secureName, charsmax(secureName), "`", "\\`");
    replace_all(secureName, charsmax(secureName), "'", "\\'");

    return secureName;
}
Usage:
PHP Code:
new name[32];
get_user_name(client, name, charsmax(name));
SQL_ThreadQuery(Tuple, "OnQuery", "INSERT INTO Names VALUES('%s')", GetSecureName(name));
PHP Code:
new name[SECURE_NAME_LEN];
get_user_name(client, name, charsmax(name));
name = GetSecureName(name);
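An added example, not code from hleV's post: the same three replacements written in Python, with an unescape routine to check that a backslash-escaping SQL parser recovers the original name, and a second function showing why the backslash replacement has to run first. Function names (escape_name, escape_wrong_order, unescape_name, max_escaped_len) are illustrative and assumed.

```python
# Added example (not from the forum post): the escape scheme of GetSecureName
# in Python, plus the checks a reviewer would want before trusting it.

def escape_name(name: str) -> str:
    """Escape backslash, backtick and single quote in the same order as GetSecureName."""
    # Backslash first: the two later steps insert backslashes that must not be doubled.
    name = name.replace("\\", "\\\\")
    name = name.replace("`", "\\`")
    name = name.replace("'", "\\'")
    return name


def escape_wrong_order(name: str) -> str:
    """Same replacements with backslash last: re-escapes the backslash added for the quote,
    so the quote ends up unescaped again after parsing."""
    name = name.replace("'", "\\'")
    name = name.replace("`", "\\`")
    name = name.replace("\\", "\\\\")
    return name


def unescape_name(escaped: str) -> str:
    """Read the string back the way a backslash-escaping SQL string parser would."""
    out = []
    i = 0
    while i < len(escaped):
        if escaped[i] == "\\" and i + 1 < len(escaped):
            out.append(escaped[i + 1])  # the escaped character is taken literally
            i += 2
        else:
            out.append(escaped[i])
            i += 1
    return "".join(out)


def max_escaped_len(max_name_len: int) -> int:
    """Worst case every character needs an escape byte, so the buffer must hold 2x the name
    (plus the terminator in Pawn); this is the reasoning behind SECURE_NAME_LEN."""
    return max_name_len * 2
```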