Here's a stock for preventing mysql injection
It prevents all problems but requires a buffer size x3 the original size
here's how you use it
PHP Code:
new nume[96];
get_user_name(id, nume, charsmax(nume));
mysql_escape_string(nume, charsmax(nume));
//nume is now safe to use in a query
stock mysql_escape_string(dest[], len) {
replace_all(dest, len, "\\", "\\\\");
replace_all(dest, len, "\0", "\\0");
replace_all(dest, len, "\n", "\\n");
replace_all(dest, len, "\r", "\\r");
replace_all(dest, len, "\x1a", "\Z");
replace_all(dest, len, "'", "\'");
replace_all(dest, len, "^"", "\^"");
}
theres no need to replace players names to be SQL safe, just filter every user input before running queries
I'll say it one more time; returning strings the way you're trying to is not supported in pawn
I doubt a full explanation of why would do you any good(and I can't give it to you because I don't know) but the fact that you can't find a single function that returns a string in the entirety of amxmodx should be a hint.
__________________