Modules/MTA-MySQL/mysql escape string: Difference between revisions
		
		
		
		
		
		
				
		
		
	
| No edit summary | mNo edit summary | ||
| Line 1: | Line 1: | ||
| <pageclass class="#AA7592" subcaption="MTA-MySQL Module"></pageclass> | |||
| __NOTOC__ | __NOTOC__ | ||
| {{ModuleFunction|MTA-MySQL}} | {{ModuleFunction|MTA-MySQL}} | ||
Latest revision as of 17:41, 5 January 2011
This function is provided by the external module MTA-MySQL. You must install this module to use this function.
Escapes a string for use in a query, to avoid SQL injection attacks. Use it on every piece of player-supplied data before that data is concatenated into an executed query. Escaping only protects a value that is placed inside a quoted string literal in the query, as in the example below.
Syntax
string mysql_escape_string( MySQLConnection handler, string theString )
Required arguments
- handler: A valid MySQL link
- theString: The string to escape
Returns
The escaped string
Example
Example 1: This example looks up an offline player's cash in the database.
function checkOfflineMoney(playerSource, commandName, targetName)
  -- targetName is nil when the command is typed without an argument
  if (not targetName) then
    outputChatBox("Usage: /" .. commandName .. " <name>", playerSource)
    return
  end
  -- handler is assumed to be the connection opened with mysql_connect elsewhere in the resource
  local escapedName = mysql_escape_string(handler, targetName) -- Escape the string to avoid security holes
  -- The escaped value must stay inside the single quotes of the query
  local result = mysql_query(handler, "SELECT money FROM account WHERE name='" .. escapedName .. "'")
  if (not result) then
    outputDebugString("mysql_query failed: (" .. mysql_errno(handler) .. ") " .. mysql_error(handler)) -- Some error occurred
  else
    if (mysql_num_rows(result) == 0) then
      outputChatBox("Account not found", playerSource) -- No account with that name
    else
      outputChatBox("The player has " .. mysql_result(result, 1, 1) .. "$", playerSource) -- Send the money information
    end
    mysql_free_result(result) -- Free the query result
  end
end
addCommandHandler("offlinecash", checkOfflineMoney)
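The following is an added example, not part of the original wiki page or the module's own code. It routes every player-supplied value through one of two helpers: a quoted, escaped string literal, or a strictly validated integer, since escaping does nothing for a value used outside quotes. The helper names `sqlString` and `sqlInteger`, the `hasmoney` command and the global `handler` connection are assumptions made for illustration.

```lua
-- Assumption: handler is an open connection returned by mysql_connect
-- elsewhere in the resource.

-- String context: escape the value, then wrap it in single quotes.
-- mysql_escape_string is only effective inside a quoted literal.
local function sqlString(value)
  if type(value) ~= "string" or value == "" then return nil end
  return "'" .. mysql_escape_string(handler, value) .. "'"
end

-- Numeric context: the value is not quoted, so escaping gives no protection.
-- Accept 1 to 9 decimal digits only and reject everything else.
local function sqlInteger(value)
  if type(value) ~= "string" then return nil end
  if #value > 9 or not value:match("^%d+$") then return nil end
  return value
end

-- Hypothetical command: /hasmoney <name> <amount>
function checkOfflineHasMoney(playerSource, commandName, targetName, amount)
  local nameLiteral = sqlString(targetName)
  local amountLiteral = sqlInteger(amount)
  if (not nameLiteral) or (not amountLiteral) then
    outputChatBox("Usage: /" .. commandName .. " <name> <whole amount>", playerSource)
    return
  end

  -- Both values are now safe for their position in the query text
  local query = string.format(
    "SELECT money FROM account WHERE name=%s AND money >= %s",
    nameLiteral, amountLiteral)
  local result = mysql_query(handler, query)
  if (not result) then
    outputDebugString("mysql_query failed: (" .. mysql_errno(handler) .. ") " .. mysql_error(handler))
    return
  end

  if (mysql_num_rows(result) == 0) then
    outputChatBox("No account with that name and at least " .. amountLiteral .. "$", playerSource)
  else
    outputChatBox("The player has at least " .. amountLiteral .. "$", playerSource)
  end
  mysql_free_result(result) -- Free the query result
end
addCommandHandler("hasmoney", checkOfflineHasMoney)
```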
See also
- mysql_connect
- mysql_close
- mysql_errno
- mysql_error
- mysql_ping
- mysql_select_db
- mysql_escape_string
- mysql_affected_rows
- mysql_change_user
- mysql_get_character_set_info
- mysql_get_client_info
- mysql_get_client_version
- mysql_get_host_info
- mysql_get_proto_info
- mysql_get_server_info
- mysql_get_server_version
- mysql_hex_string
- mysql_info
- mysql_insert_id
- mysql_query
- mysql_unbuffered_query
- mysql_set_character_set
- mysql_stat
- mysql_warning_count