Hello everybody.
I've created a simple SQL logger to log all chat and actions. Certainly, I noticed that a few events don't appear in the MySQL database. The reason for that was the ' symbol, which acts as a delimiter in the insert command.
My part of the plugin looks like this:
PHP Code:
...
new authid[32], name[32], ip[16]
get_user_authid(id, authid, 31)
get_user_name(id, name, 31)
get_user_ip(id, ip, 15, 1)
new currentTime = get_systime(0)
new query[1001]
format(query, 1000, "INSERT into gamechat VALUES ('','%s','%s','%s','%s','%i','%i','%s')", get_serverPort(), name, authid, ip, cs_get_user_team(id), currentTime, message)
...
I know that I might replace all ' in VALUES so that it will not act like a delimiter, but then there will be the same problem with the " symbol.
Is there a good way to escape "all" dangerous symbols in nicknames and messages before the insert statement?
Thanks!
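The insert from the post with every player-supplied string escaped first, as an added example that is not part of the original post. It assumes the plugin uses AMX Mod X's SQLx module (`sqlx.inc`), whose `SQL_QuoteString` native escapes a string for the connected database; the helper name `LogChatEscaped`, its `db` and `port` parameters and the buffer sizes are hypothetical.

```pawn
#include <amxmodx>
#include <cstrike>
#include <sqlx>

// Hypothetical helper (not from the post). Assumes `db` is an open SQLx
// connection from SQL_Connect(), `port` is the server port as a string,
// and `message` is shorter than 256 characters.
stock LogChatEscaped(Handle:db, id, const port[], const message[])
{
    new authid[32], name[32], ip[16]
    get_user_authid(id, authid, charsmax(authid))
    get_user_name(id, name, charsmax(name))
    get_user_ip(id, ip, charsmax(ip), 1)

    // Escaping can double the length, so each buffer is twice its source.
    // name and message are player-controlled; authid is escaped too since
    // it also ends up inside a quoted literal.
    new safeName[64], safeAuth[64], safeMsg[512]
    if (SQL_QuoteString(db, safeName, charsmax(safeName), name) < 0 ||
        SQL_QuoteString(db, safeAuth, charsmax(safeAuth), authid) < 0 ||
        SQL_QuoteString(db, safeMsg, charsmax(safeMsg), message) < 0)
    {
        // Skip the row instead of inserting a half-escaped string.
        log_amx("gamechat: escaping failed, row skipped")
        return 0
    }

    // Same statement as in the post, built only from the escaped copies.
    new Handle:query = SQL_PrepareQuery(db,
        "INSERT INTO gamechat VALUES ('','%s','%s','%s','%s','%i','%i','%s')",
        port, safeName, safeAuth, ip, cs_get_user_team(id), get_systime(0), safeMsg)

    new ok = SQL_Execute(query)
    if (!ok)
    {
        // Log the database error so dropped rows are visible, not silent.
        new error[256]
        SQL_QueryError(query, error, charsmax(error))
        log_amx("gamechat: insert failed: %s", error)
    }
    SQL_FreeHandle(query)
    return ok
}
```

Because the database's own escaping routine handles quotes and backslashes together, replacing `'` and `"` by hand is unnecessary.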