
mysql escaping and admin authentication


  
 
 
danielkza
09-12-2008, 12:49   Re: mysql escaping and admin authentication

Quote:
Originally Posted by djh
Thank you for the info. I have some problems using those, however:
I'm having a hard time figuring out how to use SQL_QuoteStringFmt; it returns the length of the new string or -1 on failure. So in my example I tried to escape g_admin_joined, but I got all sorts of errors such as:
Code:
[SQLERROR]: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'\' , NOW( ) , \'g#\' , \'STEAM_ID_PENDING\' , \'zzz.zzz.zzz.zzz:27005\', \'joine' at line 1
I should mention that I used the in-game name g#'d;#Sdf'_$ for testing purposes.
As you can see, it escapes everything.
It's not really what I wanted, and I don't quite understand how it works. Wouldn't it be easier to have something like this:
Code:
new Handle:query = SQL_PrepareQuery(Handle:db, "INSERT INTO `%s` (`field`) VALUES ('%s')", table_name, SQL_safequotesomething(fieldvalue))

And if there's no such thing, then how can I manually escape those hex chars that PHP's mysql_real_escape_string escapes?
Code:
 \x00, \n, \r, \, ', " and \x1a
Apparently you're trying to escape the whole query. As far as I know, you should only escape user-provided data, like names.
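The advice in the reply above, as an added AMX Mod X (Pawn) example that is not part of the original posts: only the player-supplied name goes through SQL_QuoteStringFmt, while the quotes that delimit each SQL string stay in the query text. The function name LogAdminJoin, the table name and the column names are hypothetical.

```pawn
#include <amxmodx>
#include <sqlx>

// Hypothetical table and column names for this example.
new const TABLE_NAME[] = "admin_log"

// Inserts one row for player 'id'; 'db' is an open handle from SQL_Connect().
// Returns 1 on success, 0 on failure.
stock LogAdminJoin(Handle:db, id)
{
    new name[32], steamid[35], ip[24]
    get_user_name(id, name, charsmax(name))
    get_user_authid(id, steamid, charsmax(steamid))
    get_user_ip(id, ip, charsmax(ip))

    // SQL_QuoteStringFmt escapes the entire formatted result, so the format
    // holds only the value. Worst case every character doubles: 2*31 + 1.
    new safeName[64]
    if (SQL_QuoteStringFmt(db, safeName, charsmax(safeName), "%s", name) == -1)
    {
        log_amx("Could not escape player name, row skipped")
        return 0
    }

    // The quotes that delimit each SQL string live in the query text and are
    // never passed through the escaper. steamid and ip are treated here as
    // engine-generated values (an assumption of this example).
    new Handle:query = SQL_PrepareQuery(db,
        "INSERT INTO `%s` (`joined`, `name`, `steamid`, `ip`) VALUES (NOW(), '%s', '%s', '%s')",
        TABLE_NAME, safeName, steamid, ip)

    new ok = SQL_Execute(query)
    if (!ok)
    {
        new error[256]
        SQL_QueryError(query, error, charsmax(error))
        log_amx("[SQLERROR]: %s", error)
    }
    SQL_FreeHandle(query)
    return ok
}
```

With the test name g#'d;#Sdf'_$ from the quoted post, only the two apostrophes inside the name are backslash-escaped; the delimiters around each value are left alone, which is what the escaped `\'` sequences in the posted error show going wrong.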