Thread: [Tutorial] How to use SQLite
09/07/2013, 12:31 PM   #4
Konstantinos
Spam Machine
Join Date: Dec 2011
Posts: 11,981
Reputation: 1392
Re: How to use SQLite

You should. I will give you an example of what SQL Injection is.

Let's say your mode has a dialog (input) and someone inserts a "name" to check something for a user. He can input:
pawn Code:
"Zeus';DROP TABLE users;"
And it will just delete your table "users". DB_Escape is used for this reason: to prevent someone from doing something bad to your database. You can also read more about DB_Escape/SQL Injection on the wiki (http://wiki.sa-mp.com/wiki/Escaping_Strings_SQLite) or Wikipedia (http://en.wikipedia.org/wiki/SQL_injection).

You just need to check any string you insert in a query with:
pawn Code:
// An example:
"SELECT username FROM users WHERE ip = '%s'", DB_Escape( ip ) // etc..

Glad to hear that you use SQLite, it's great and I can confirm it because I know that a very popular server in the past used SQLite and had over 500,000 registered users and everything worked fine!

Thanks for your kind words.
__________________
Life is like riding a bicycle. To keep your balance, you must keep moving.

[Tutorial] How to use SQLite
[FilterScript] Tune System
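The behaviour described in the post above, as an added example that is not part of the original post: Python's built-in sqlite3 module stands in for the SA-MP SQLite natives, and the same input is run unescaped, escaped, and as a bound parameter (the last goes beyond what the post covers). Assumptions: `escape_quotes` is a hypothetical stand-in for DB_Escape that only doubles single quotes, the `users` table layout is constructed, and `executescript` is used because it accepts several statements in one string.

```python
import sqlite3

PAYLOAD = "Zeus';DROP TABLE users;"  # the input quoted in the post

def escape_quotes(text):
    # Assumed stand-in for DB_Escape: double every single quote, which is
    # how a quote is written inside an SQLite string literal.
    return text.replace("'", "''")

def fresh_db():
    # Constructed sample database, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, ip TEXT)")
    db.execute("INSERT INTO users VALUES ('Zeus', '127.0.0.1')")
    db.commit()
    return db

def table_exists(db):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'users'"
    ).fetchone()
    return row is not None

def lookup_unescaped(db, name):
    # Before: the input becomes part of the SQL text itself.
    sql = "SELECT ip FROM users WHERE username = '%s'" % name
    try:
        db.executescript(sql)
    except sqlite3.Error:
        pass  # the leftover quote fails to parse, after the earlier statements ran
    return table_exists(db)

def lookup_escaped(db, name):
    # After: the whole input stays inside one string literal.
    sql = "SELECT ip FROM users WHERE username = '%s'" % escape_quotes(name)
    db.executescript(sql)
    return table_exists(db)

def lookup_bound(db, name):
    # Parameter binding: the value never passes through the SQL parser.
    rows = db.execute("SELECT ip FROM users WHERE username = ?", (name,)).fetchall()
    return rows, table_exists(db)

if __name__ == "__main__":
    print("unescaped, table survives:", lookup_unescaped(fresh_db(), PAYLOAD))
    print("escaped, table survives:  ", lookup_escaped(fresh_db(), PAYLOAD))
    print("bound parameter:          ", lookup_bound(fresh_db(), PAYLOAD))
```

Where the database API offers bound parameters they are the more robust choice, since no escaping call can be forgotten on one of the inputs.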