Modules/MTA-MySQL/mysql escape string - Revision history

Alberto Alonso at 17:41, 5 January 2011

2011-01-05T17:41:09Z

← Older revision		Revision as of 17:41, 5 January 2011
Line 1:		Line 1:
			<pageclass class="#AA7592" subcaption="MTA-MySQL Module"></pageclass>
	__NOTOC__		__NOTOC__
	{{ModuleFunction\|MTA-MySQL}}		{{ModuleFunction\|MTA-MySQL}}

Ryden at 17:59, 14 January 2008

2008-01-14T17:59:09Z

← Older revision		Revision as of 17:59, 14 January 2008
Line 1:		Line 1:
	__NOTOC__		__NOTOC__
			{{ModuleFunction\|MTA-MySQL}}
	Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players.		Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players.

Ryden: /* Example */

2008-01-13T16:37:11Z

Example

← Older revision		Revision as of 16:37, 13 January 2008
Line 23:		Line 23:
	else		else
	if (mysql_num_rows(result) == 0) then outputChatBox("Account not found", playerSource) -- We haven't results with that name		if (mysql_num_rows(result) == 0) then outputChatBox("Account not found", playerSource) -- We haven't results with that name
	else outputChatBox("The player has " .. mysql_result(result, 1, 1) .. "$") end -- Send the money information		else outputChatBox("The player has " .. mysql_result(result, 1, 1) .. "$", playerSource) end -- Send the money information
	mysql_free_result(result) -- Free the query result		mysql_free_result(result) -- Free the query result
	end		end

Ryden: New page: NOTOC Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players. ==Syntax== st...

2008-01-13T16:36:27Z

New page: __NOTOC__ Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players. ==Syntax== <syntaxhighlight lang="lua"> st...

New page

__NOTOC__
Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players.

==Syntax==
<syntaxhighlight lang="lua">
string mysql_escape_string( MySQLConnection handler, string theString )
</syntaxhighlight>
===Required arguments===
* '''handler:''' A valid MySQL link
* '''theString:''' The string to escape

===Returns===
The escaped string

==Example==
'''Example 1:''' This example returns some offline player cash getting it from the database
<syntaxhighlight lang="lua">
function checkOfflineMoney(playerSource, commandName, targetName)
local escapedName = mysql_escape_string(handler, targetName) -- Escape the string to avoid security holes
local result = mysql_query(handler, "SELECT money FROM account WHERE name='" .. escapedName .. "'")
if (not result) then
outputDebugString("mysql_query failed: (" .. mysql_errno(handler) .. ") " .. mysql_error(handler)) -- Some error occurred
else
if (mysql_num_rows(result) == 0) then outputChatBox("Account not found", playerSource) -- We haven't results with that name
else outputChatBox("The player has " .. mysql_result(result, 1, 1) .. "$") end -- Send the money information
mysql_free_result(result) -- Free the query result
end
end
addCommandHandler("offlinecash", checkOfflineMoney)
</syntaxhighlight>

==See also==
{{Modules/MTA-MySQL/Handler_functions}}

Modules/MTA-MySQL/mysql escape string - Revision history

Alberto Alonso at 17:41, 5 January 2011

Ryden at 17:59, 14 January 2008

Ryden: /* Example */

Ryden: New page: __NOTOC__ Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players. ==Syntax== st...

Ryden: New page: NOTOC Escapes a query string to avoid sql injection attacks. This function should be used for every executed query that uses any data given by the players. ==Syntax== st...