
Is MySQL Query safe enough?!


V I R U S
Senior Member
Join Date: Jul 2004
Location: Russia / Germany
Old 05-15-2009 , 11:53   Is MySQL Query safe enough?!
Reply With Quote #1

I was thinking about some plugins here, and some I wrote for myself... Some nicknames in CS/HL can act like SQL injection, or cause some errors...

So, is it really safe to use SQL database statistics and others? As I see it, in AMX there is no function like "mysql_escape_string" or others.

Maybe there are other ways, or AMX just does that somehow in the background?!
kib0rg
New Member
Join Date: Apr 2009
Old 05-15-2009 , 13:10   Re: Is MySQL Query safe enough?!
Reply With Quote #2

Safe, just use:
Code:
replace_all(str, 31, "`", "\`");
replace_all(str, 31, "'", "\'");
to prevent sql-inj.
joaquimandrade
Veteran Member
Join Date: Dec 2008
Location: Portugal
Old 05-15-2009 , 14:08   Re: Is MySQL Query safe enough?!
Reply With Quote #3

In a nick you can't have a " so you can do this instead:

PHP Code:
"SELECT * FROM someTable WHERE nick =^"%s^" " 
I can't confirm it works but I guess so.
Spunky
Senior Member
Join Date: May 2008
Location: Orlando, Fl.
Old 05-16-2009 , 07:23   Re: Is MySQL Query safe enough?!
Reply With Quote #4

Actually:

Code:
SELECT * FROM someTable WHERE nick = '%s'
Single quote, not double, so you're fine.
joaquimandrade
Veteran Member
Join Date: Dec 2008
Location: Portugal
Old 05-16-2009 , 13:53   Re: Is MySQL Query safe enough?!
Reply With Quote #5

Quote:
Originally Posted by Spunky View Post
Actually:

Code:
SELECT * FROM someTable WHERE nick = '%s'
Single quote, not double, so you're fine.

No, because you can have single quotes in nicknames.
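An added example, not code from any poster in this thread: a small Python model of how MySQL reads a quoted string, used to check each quoting scheme proposed above against a few constructed nicknames. It assumes MySQL's default SQL mode and treats the nickname as arbitrary text rather than relying on what the game client allows; `full_escape`, `stays_in_literal` and `failures` are names made up for the illustration.

```python
# Added example. Models MySQL's default literal rules (backslash escapes on,
# ANSI_QUOTES off); only quote and backslash escapes are decoded.
TEMPLATE = "SELECT * FROM someTable WHERE nick = {q}{nick}{q}"

def kib0rg_escape(nick):
    """Post #2: put a backslash before backticks and single quotes."""
    return nick.replace("`", "\\`").replace("'", "\\'")

def full_escape(nick):
    """Escape the backslash itself first, then both quote characters."""
    for ch in ("\\", "'", '"'):
        nick = nick.replace(ch, "\\" + ch)
    return nick

def stays_in_literal(nick, quote, escape=lambda s: s):
    """True if MySQL would read the escaped nickname back, unchanged, as one
    string literal that ends on the template's own closing quote."""
    sql = TEMPLATE.format(q=quote, nick=escape(nick))
    i, value = sql.index(quote) + 1, []
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and i + 1 < len(sql):    # backslash escapes next char
            value.append(sql[i + 1])
            i += 2
        elif ch == quote and sql[i + 1:i + 2] == quote:  # doubled quote
            value.append(quote)
            i += 2
        elif ch == quote:                       # literal ends here
            return i == len(sql) - 1 and "".join(value) == nick
        else:
            value.append(ch)
            i += 1
    return False                                # literal never closed

# Constructed nicknames, treated as arbitrary text.
NICKS = ["Mc'Cool", "trail\\", "a\\'b", 'say "gg"']
SCHEMES = {
    "single quotes, no escaping (#4)": ("'", lambda s: s),
    "double quotes, no escaping (#3)": ('"', lambda s: s),
    "replace_all on ` and ' (#2)": ("'", kib0rg_escape),
    "backslash escaped first": ("'", full_escape),
}

def failures():
    """Per scheme: nicknames that leave the literal or come back altered."""
    return {name: [n for n in NICKS if not stays_in_literal(n, q, esc)]
            for name, (q, esc) in SCHEMES.items()}

if __name__ == "__main__":
    for name, broken in failures().items():
        print(f"{name:34} breaks on: {broken or 'none'}")
```

In an AMX Mod X plugin the counterpart of `full_escape` is the driver's own quoting native, `SQL_QuoteString` from the sqlx include, applied to the name before it is formatted into the query.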
All times are GMT -4. The time now is 01:26.