View Full Version : Escape


ScIrUsna
06/05/2016, 03:39 AM
If I do a MySQL escape and I write it into another variable, does the escape still exist or not?

new escapestring[ 50 ];

mysql_real_escape_string(escapestring,escapestring );

new otherstring[ 50 ];

format(otherstring,49,"%s", escapestring);

KevinReinke
06/05/2016, 03:42 AM
Yes, it does.

ScIrUsna
06/05/2016, 04:22 AM
You mean I don't need to do another escape like:

format(otherstring,49,"%s", escapestring);

and

mysql_real_escape_string(otherstring,otherstring);

KevinReinke
06/05/2016, 05:01 AM
You should basically only escape inputs.

You're better off leaving that function aside. And when you are going to execute a query that has custom inputs in it, use the %q specifier (escapes the string placed in the parameter), instead of the %s specifier.

The %q specifier is built into the native format.

ScIrUsna
06/05/2016, 05:14 AM
But I heard I have to escape everything I write into database update, select, delete queries, any column that is text and the player can write.

itsCody
06/05/2016, 05:27 AM
use mysql_format and use %e to escape.

KevinReinke
06/05/2016, 05:30 AM
But I heard I have to escape everything I write into database update, select, delete queries, any column that is text and the player can write.

You only have to escape strings that players have inputted/specified.

ScIrUsna
06/05/2016, 06:53 AM
Yes, but I don't understand regarding the first question: when I write escaped text into another variable, do I need to re-escape it again?
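
Added example, not part of the original thread: a small Python model of the first question, showing that escaping is a property of the string's contents, so a plain "%s" copy keeps it and a second escape changes what the database stores. mysql_escape and stored_value are hypothetical stand-ins that follow the character rules MySQL documents for mysql_real_escape_string (simplified: LIKE wildcards and character sets are ignored); the player input is constructed.

```python
# Characters MySQL documents as escaped by mysql_real_escape_string().
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
           "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
UNESCAPES = {seq[1]: ch for ch, seq in ESCAPES.items()}


def mysql_escape(value: str) -> str:
    """Escape a string for use inside a quoted MySQL string literal."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def stored_value(literal_body: str) -> str:
    """Value the server stores after parsing the body of a '...' literal.

    Raises ValueError where the literal would end early (unescaped quote)
    or swallow its closing quote (trailing backslash).
    """
    out, i = [], 0
    while i < len(literal_body):
        ch = literal_body[i]
        if ch == "\\":
            if i + 1 >= len(literal_body):
                raise ValueError("trailing backslash escapes the closing quote")
            nxt = literal_body[i + 1]
            out.append(UNESCAPES.get(nxt, nxt))
            i += 2
            continue
        if ch == "'":
            raise ValueError("unescaped quote terminates the literal")
        out.append(ch)
        i += 1
    return "".join(out)


player_input = "O'Brien \\ admin"      # constructed sample input
escaped = mysql_escape(player_input)   # escape once, at the input
copied = "%s" % escaped                # like format(otherstring, 49, "%s", escapestring)
twice = mysql_escape(copied)           # the "re-escape" from the question

if __name__ == "__main__":
    print("copy is still escaped:", copied == escaped)
    print("stored after one escape:", stored_value(copied))
    print("stored after two escapes:", stored_value(twice))
```

The copy stores the player's original text, while the double-escaped version stores the text with the extra backslashes left in it.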