Scripting/Squirrel/Functions/mysql escape string: Difference between revisions

From Vice City Multiplayer
Jump to navigation Jump to search
Caution icon
This wiki is using an old backup from 2020
Some information may be old/missing
(Created page with "Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players. == Syntax == <pre>mysql_...")
 
m (Do not sign your edits)
Line 18: Line 18:
   //Do stuff here
   //Do stuff here
}</pre>
}</pre>
By KAKAN

Revision as of 03:36, 10 March 2016

Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players.

Syntax

mysql_escape_string( MySQLConnection handler, string query )

Arguments

  • MySQLConnection handler - A valid MySQL link/handler
  • String query - The string to escape

Return value

The escaped string.

Example

function onPlayerJoin( player )
{
   local pName = mysql_escape_string( handler, player.Name );
   local q = mysql_query( handler, "SELECT * FROM Accounts WHERE Name='" + pName + "'" );
   //Do stuff here
}