
Escape MySQL dangerous symbols


V I R U S
09-29-2012, 17:44   Escape MySQL dangerous symbols   #1

Hello everybody.

I've created a simple SQL logger to log all chat and actions. Certainly I noticed that a few events don't appear in the MySQL database. The reason for that was the ' symbol, which acts as a delimiter in the insert command.

My part of the plugin looks like this:
PHP Code:
...
  new authid[32], name[32], ip[16]
  get_user_authid(id, authid, 31)
  get_user_name(id, name, 31)
  get_user_ip(id, ip, 15, 1)

  new currentTime = get_systime(0)

  new query[1001]
  format(query, 1000, "INSERT into gamechat VALUES ('','%s','%s','%s','%s','%i','%i','%s')", get_serverPort(), name, authid, ip, cs_get_user_team(id), currentTime, message)
...
I know that I might replace all ' in VALUES, so that it will not act like a delimiter, but then there will be the same problem with the " symbol.

Is there a good way to escape "all" dangerous symbols in nicknames and messages before the insert statement?

Thanks!
Last edited by V I R U S; 09-29-2012 at 17:44.
Neeeeeeeeeel.-
09-29-2012, 18:46   Re: Escape MySQL dangerous symbols   #2

You should use:
PHP Code:
format(query, 1000, "INSERT into gamechat VALUES ('',^"%s^",^"%s^",^"%s^",^"%s^",'%i','%i',^"%s^")", get_serverPort(), name, authid, ip, cs_get_user_team(id), currentTime, message)
PS: Formatex is faster than format.
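Added example, not part of either post: changing the quote character around the values only moves the problem from ' to ", so the sketch below escapes each player-controlled string with the SQLX native SQL_QuoteString before it is formatted into the INSERT. The names g_tuple, log_chat and chat_logged and the port parameter are hypothetical; the table layout is the one from the question, and a connection tuple created with SQL_MakeDbTuple during plugin start-up is assumed.

```pawn
#include <amxmodx>
#include <cstrike>
#include <sqlx>

// Assumption: filled in plugin_init() with SQL_MakeDbTuple(host, user, pass, db)
new Handle:g_tuple

// Hypothetical helper: write one chat line with all string values escaped.
log_chat(id, port, const message[])
{
    new authid[32], name[32], ip[16]
    get_user_authid(id, authid, charsmax(authid))
    get_user_name(id, name, charsmax(name))
    get_user_ip(id, ip, charsmax(ip), 1)

    // Escaping can double the length of the input, so each destination
    // buffer is sized at 2 * source length (say text is at most 191 chars).
    new qname[64], qauth[64], qmsg[384]

    // Threaded queries have no open connection handle, so Empty_Handle is
    // passed here; pass the connection handle instead when one is open.
    SQL_QuoteString(Empty_Handle, qname, charsmax(qname), name)
    SQL_QuoteString(Empty_Handle, qauth, charsmax(qauth), authid)
    SQL_QuoteString(Empty_Handle, qmsg, charsmax(qmsg), message)

    // Only escaped strings and integers reach the query text. A nickname
    // such as  it's "me"  now arrives in the table unchanged instead of
    // ending the quoted value early.
    new query[1024]
    formatex(query, charsmax(query),
        "INSERT into gamechat VALUES ('','%i','%s','%s','%s','%i','%i','%s')",
        port, qname, qauth, ip, cs_get_user_team(id), get_systime(0), qmsg)

    SQL_ThreadQuery(g_tuple, "chat_logged", query)
}

// Threaded-query callback: surface failures instead of losing rows silently.
public chat_logged(failstate, Handle:query, error[], errnum, data[], size, Float:queuetime)
{
    if (failstate != TQUERY_SUCCESS)
        log_amx("gamechat insert failed (%d): %s", errnum, error)
}
```

Logging the failure in the callback also covers the original symptom, where rows with a quote in them went missing without any error being seen.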
V I R U S
09-29-2012, 22:14   Re: Escape MySQL dangerous symbols   #3

Thanks!