CODERS - Use format() correctly! Or I will beat you! - Page 3

VEN · 02-27-2006 , 09:24

Quote:

Originally Posted by mysticssjgoku4

what if I had just one extra % in there? Is that ok?

Example: I want this to read as a percent.

Code:

format(string,sizeof(string),"Percent: %i%",number)
client_print(id,print_chat,string)

Well, i believe it should be

Code:

format(string,sizeof buffer,"Percent: %i%%",number)
client_print(id,print_chat,"%s",string)

Marticus · 02-27-2006 , 11:06

So, what is a way to prevent the security risk of passing user supplied strings?

Xanimos · 02-27-2006 , 12:04

Do what is said....

Code:

new ClientSaid[46]
read_args(ClientSaid , 45)
client_print( id , print_chat , "%s" , ClientSaid)

instead of

Code:

new ClientSaid[46]
read_args(ClientSaid , 45)
client_print( id , print_chat , ClientSaid)

Marticus · 02-27-2006 , 18:17

Well, that's how I've been doing it because I didn't know it could be done the other way

However, I'll keep this in mind if I am looking at other people's code (OPC), ahh yeah.