
get user name


aron9forever
Veteran Member
Join Date: Feb 2013
Location: Rromania
06-19-2017, 08:22   Re: get user name   #1

Here's a stock for preventing MySQL injection.
It prevents all problems but requires a buffer size x3 the original size.

Here's how you use it:

PHP Code:
    new nume[96];
    get_user_name(id, nume, charsmax(nume));
    mysql_escape_string(nume, charsmax(nume));
    // nume is now safe to use in a query

stock mysql_escape_string(dest[], len) {
    replace_all(dest, len, "\\", "\\\\");
    replace_all(dest, len, "\0", "\\0");
    replace_all(dest, len, "\n", "\\n");
    replace_all(dest, len, "\r", "\\r");
    replace_all(dest, len, "\x1a", "\Z");
    replace_all(dest, len, "'", "\'");
    replace_all(dest, len, "^"", "\^"");
}

There's no need to replace players' names to be SQL safe; just filter every user input before running queries.
I'll say it one more time: returning strings the way you're trying to is not supported in Pawn.
I doubt a full explanation of why would do you any good (and I can't give it to you because I don't know), but the fact that you can't find a single function that returns a string in the entirety of amxmodx should be a hint.
__________________
Meanwhile, in 2050:
Quote:
Originally Posted by aron9forever
useless small optimizations
Quote:
Originally Posted by Black Rose View Post
On a map that is 512x512x128 units you end up with 3,355,443,200,000 different "positions". To store each one of those positions individually in the variable "user_or" you need 12 terabytes of memory.

Last edited by aron9forever; 06-19-2017 at 08:35.
PRoSToTeM@
Veteran Member
Join Date: Jan 2010
Location: Russia, Ivanovo
06-19-2017, 13:32   Re: get user name   #2

Quote:
Originally Posted by aron9forever View Post
PHP Code:
stock mysql_escape_string(dest[], len) {
    replace_all(dest, len, "\\", "\\\\");
    replace_all(dest, len, "\0", "\\0");
    replace_all(dest, len, "\n", "\\n");
    replace_all(dest, len, "\r", "\\r");
    replace_all(dest, len, "\x1a", "\Z");
    replace_all(dest, len, "'", "\'");
    replace_all(dest, len, "^"", "\^"");
}

It is incorrect. Just use SQL_QuoteString, don't write your own implementations.
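As an added example (not code from this thread or from AMXBans), this is one way to follow the SQL_QuoteString advice in post #2 when storing a player name. The table name example_players, the connection details and the handler name OnInsertDone are assumptions made for illustration; the natives come from sqlx.inc.

```pawn
#include <amxmodx>
#include <sqlx>

new Handle:g_tuple;   // connection info only, not an open connection

public plugin_init()
{
    register_plugin("Quoted name insert (example)", "1.0", "example");
    // Placeholder host, credentials and database name (assumptions).
    g_tuple = SQL_MakeDbTuple("127.0.0.1", "db_user", "db_pass", "db_name");
}

public client_putinserver(id)
{
    new name[32];
    get_user_name(id, name, charsmax(name));

    // sqlx.inc asks for a destination of 2 * strlen(source), and the
    // source must not overlap the destination, so quote into a second buffer.
    // Empty_Handle is accepted when no open connection handle is available.
    new quoted[64];
    if (SQL_QuoteString(Empty_Handle, quoted, charsmax(quoted), name) < 0)
    {
        log_amx("Could not quote name for player %d, skipping insert", id);
        return;
    }

    // The quoted value still has to sit inside single quotes in the statement.
    new query[192];
    formatex(query, charsmax(query),
        "INSERT INTO example_players (name) VALUES ('%s')", quoted);
    SQL_ThreadQuery(g_tuple, "OnInsertDone", query);
}

public OnInsertDone(failstate, Handle:query, error[], errnum, data[], size, Float:queuetime)
{
    if (failstate != TQUERY_SUCCESS)
        log_amx("Insert failed (%d): %s", errnum, error);
}

public plugin_end()
{
    if (g_tuple != Empty_Handle)
        SQL_FreeHandle(g_tuple);
}
```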
aron9forever
Veteran Member
Join Date: Feb 2013
Location: Rromania
06-20-2017, 07:03   Re: get user name   #3

Quote:
Originally Posted by PRoSToTeM@ View Post
It is incorrect. Just use SQL_QuoteString, don't write your own implementations.
Not exactly my own implementation, it's extracted from AMXBans