
Escape MySQL dangerous symbols


  
 
 
V I R U S
09-29-2012, 17:44

Hello everybody.

I've created a simple SQL logger to log all chat and actions. Certainly, I noticed that a few events don't appear in the MySQL database. The reason for that was the ' symbol, which acts as a delimiter in the insert command.

My part of the plugin looks like this:
PHP Code:
...
  new authid[32], name[32], ip[16]
  get_user_authid(id, authid, 31)
  get_user_name(id, name, 31)
  get_user_ip(id, ip, 15, 1)

  new currentTime = get_systime(0)

  new query[1001]
  format(query, 1000, "INSERT into gamechat VALUES ('','%s','%s','%s','%s','%i','%i','%s')", get_serverPort(), name, authid, ip, cs_get_user_team(id), currentTime, message)
...
I know that I might replace all ' in VALUES, so that it will not act like a delimiter, but then there will be the same problem with the " symbol.

Is there a good way to escape "all" dangerous symbols in nicknames and messages before the insert statement?

Thanks!
Last edited by V I R U S; 09-29-2012 at 17:44.
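
An added example, not part of the original post: one way to handle the quoting problem described above is to pass every player-controlled string through `SQL_QuoteString` from AMX Mod X's `sqlx` include before it is formatted into the statement. It assumes the plugin uses `sqlx` with threaded queries; the two-column insert, the connection values and the names `g_tuple`, `cmd_say` and `on_insert` are hypothetical, and only the table name `gamechat` comes from the post.

```pawn
#include <amxmodx>
#include <sqlx>

// Added example: g_tuple and the (name, message) column list are assumptions.
new Handle:g_tuple

public plugin_init()
{
    register_plugin("Chat logger (escaped)", "1.0", "example")
    register_clcmd("say", "cmd_say")
    // Placeholder connection values (constructed for this example).
    g_tuple = SQL_MakeDbTuple("127.0.0.1", "user", "password", "database")
}

public cmd_say(id)
{
    new name[32], message[192]
    get_user_name(id, name, charsmax(name))
    read_args(message, charsmax(message))
    remove_quotes(message)

    // Worst case every character gets a backslash, so each output
    // buffer is 2 * input size + 1 cells (65 and 385 here).
    new safeName[65], safeMessage[385]
    SQL_QuoteString(Empty_Handle, safeName, charsmax(safeName), name)
    SQL_QuoteString(Empty_Handle, safeMessage, charsmax(safeMessage), message)

    // The query buffer must hold the whole statement; a truncated
    // statement fails to parse and the chat line is lost.
    new query[1024]
    formatex(query, charsmax(query),
        "INSERT INTO gamechat (name, message) VALUES ('%s', '%s')",
        safeName, safeMessage)
    SQL_ThreadQuery(g_tuple, "on_insert", query)
    return PLUGIN_CONTINUE
}

public on_insert(failstate, Handle:query, error[], errnum, data[], size, Float:queuetime)
{
    // Log failures so dropped rows are visible instead of silent.
    if (failstate != TQUERY_SUCCESS)
        log_amx("gamechat insert failed (%d): %s", errnum, error)
}

public plugin_end()
{
    if (g_tuple != Empty_Handle)
        SQL_FreeHandle(g_tuple)
}
```

The escaped copies are only safe inside the single-quoted literals shown; numeric fields such as the team and timestamp should stay `%i`/`%d` integers rather than strings.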
 



All times are GMT -4.