mysql escape string


JocAnis
Veteran Member
Join Date: Jun 2010
02-19-2021, 09:02   mysql escape string
#1

Hello. I want to store a player's nickname in a MySQL database, but with the string escaped. I'm thinking of using:

Code:
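new name[ 32 ], escName[ 64 ]
// escape into a separate buffer that is large enough for the escaped string
SQL_PrepareString( name, escName, charsmax( escName ) )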

...

stock SQL_PrepareString( const source[], dest[], len )
{
	copy( dest, len, source )
	replace_all( dest, len, "\\", "\\\\" )
	replace_all( dest, len, "\0", "\\0" )
	replace_all( dest, len, "\n", "\\n" )
	replace_all( dest, len, "\r", "\\r" )
	replace_all( dest, len, "\x1a", "\Z" )
	replace_all( dest, len, "'", "\'" )
	replace_all( dest, len, "^"", "\^"" )
}
Also, I saw code (and used it once, but I'm still confused about how efficient that function is) for another 'method':

Code:
new name[ 32 ], escName[ 64 ]
SQL_QuoteString( Empty_Handle, escName, charsmax( escName ), name )

// then use escName for query input
What would be the best solution to use, keeping in mind that the connected nickname should be equal to the one from MySQL (like doing a reversed escape of the nickname?)? Thanks in advance!
__________________
KZ Public Autocup - PrimeKZ

My blog: http://primekz.xyz (in progress...)

Last edited by JocAnis; 02-19-2021 at 09:04.
CrazY.
Veteran Member
Join Date: May 2015
Location: SP, Brazil
02-19-2021, 09:35   Re: mysql escape string
#2

SQL_QuoteString calls mysql_real_escape_string, should be safe.

Code:
int MysqlDatabase::QuoteString(const char *str, char buffer[], size_t maxlen, size_t *newsize)
{
	unsigned long size = static_cast<unsigned long>(strlen(str));
	unsigned long needed = size*2 + 1;

	if (maxlen < needed)
	{
		return (int)needed;
	}

	needed = mysql_real_escape_string(m_pMysql, buffer, str, size);
	if (newsize)
	{
		*newsize = static_cast<size_t>(needed);
	}

	return 0;
}
https://github.com/alliedmodders/amx...tabase.cpp#L80
__________________
Accepting private $$$ plugins requests.

@Steam: crazy770
@Discord: CrazY.#5317
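
As an added example (not from the thread and not AMX Mod X code), the C sketch below mirrors the escape set documented for mysql_real_escape_string and the 2n+1 buffer check seen in QuoteString, then reads the literal back the way a SQL parser would, showing that the stored nickname equals the connected one without any "reverse escaping". The names demo_quote, demo_parse_literal and demo_roundtrip are hypothetical, the nicknames are constructed, and character-set handling (which the real function takes from the connection) is left out.

```c
#include <string.h>

/* Hypothetical helper, not libmysqlclient. Same contract as QuoteString above:
   returns 0 on success, or the buffer size needed when maxlen is too small. */
size_t demo_quote(const char *src, size_t n, char *dst, size_t maxlen, size_t *outlen)
{
    size_t needed = n * 2 + 1, o = 0;  /* worst case: every byte escaped, plus NUL */
    if (maxlen < needed) return needed;
    for (size_t i = 0; i < n; i++) {
        char c = src[i], e = 0;
        switch (c) {
        case '\0': e = '0'; break;
        case '\n': e = 'n'; break;
        case '\r': e = 'r'; break;
        case 0x1a: e = 'Z'; break;
        case '\\': case '\'': case '"': e = c; break;
        }
        if (e) dst[o++] = '\\';
        dst[o++] = e ? e : c;
    }
    dst[o] = '\0';
    *outlen = o;
    return 0;
}

/* Simplified model of a SQL parser reading a quoted literal: escapes are undone. */
size_t demo_parse_literal(const char *esc, size_t n, char *dst)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        char c = esc[i];
        if (c == '\\' && i + 1 < n) {
            c = esc[++i];
            c = c == '0' ? '\0' : c == 'n' ? '\n' : c == 'r' ? '\r' : c == 'Z' ? 0x1a : c;
        }
        dst[o++] = c;
    }
    return o;
}

/* 1 if unchanged after escape + parse, 0 if it differs, -1 if esc[64] is too small. */
int demo_roundtrip(const char *nick)
{
    char esc[64], back[64];
    size_t n = strlen(nick), elen = 0;
    if (demo_quote(nick, n, esc, sizeof esc, &elen) != 0) return -1;
    return demo_parse_literal(esc, elen, back) == n && memcmp(nick, back, n) == 0;
}

int main(void) { return demo_roundtrip("x' OR '1'='1") == 1 ? 0 : 1; } /* constructed nickname */
```

A 64-byte destination covers at most 31 source bytes under the 2n+1 rule, which is why the 32-character input is rejected rather than truncated.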

JocAnis
Veteran Member
Join Date: Jun 2010
02-19-2021, 10:10   Re: mysql escape string
#3

Oh nice. Thank you very much! I guess it's solved.