TheXnator wrote:
DEADMONSTOR wrote:
Ezehzz wrote:
When people think they can code but always end up breaking stuff
Simple mistakes he will only use once. No need to be rude tbh.
Props to DEAD for actually explaining what the problem was rather than just yelling about how it is wrong <3
Future reference for everyone that wants to get into coding. Clients are all cunts. Expect them to try and break everything you want to make, so add every stop that you ever can. So if anyone knows SQL, you know that SQL injection is where you put shit in the database to do shit that you were not meant to do.
sql.SQLStr( string string, boolean bNoQuotes=false ) // This will strip all characters that should not be in the SQL in the first place.
Example:
sql.Query( "UPDATE " .. (lmao) .. " SET Dog = '" .. (asdkj) .. "' WHERE Name = '" .. (asdaiusdk) .. "';")
vs
sql.Query( "UPDATE " .. sql.SQLStr(lmao, true) .. " SET Dog = '" .. sql.SQLStr(asdkj, true) .. "' WHERE Name = '" .. sql.SQLStr(asdaiusdk, true) .. "';")
Second one will always be better and safer.
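
Added example, not part of the thread: the same UPDATE shape run against an in-memory SQLite database from Python (Garry's Mod's sql library is SQLite-backed), comparing raw concatenation, quote escaping, and bound parameters. The `pets` table, its rows, the allowlist and `escape_value` (a stand-in that doubles single quotes, not the implementation of sql.SQLStr) are assumptions made for the illustration.

```python
import sqlite3

ALLOWED_TABLES = {"pets"}            # constructed allowlist: identifiers cannot be escaped like values
HOSTILE_NAME = "nobody' OR '1'='1"   # constructed input containing a quote

def escape_value(s):
    # Assumed stand-in for quote escaping: double every single quote.
    return s.replace("'", "''")

def fresh_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pets (Name TEXT, Dog TEXT)")
    db.executemany("INSERT INTO pets VALUES (?, ?)",
                   [("alice", "rex"), ("bob", "fido"), ("carol", "spot")])
    return db

def check_table(table):
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown table: %r" % table)

def update_concat(db, table, dog, name):
    # Raw concatenation, same shape as the first query in the post.
    db.execute("UPDATE " + table + " SET Dog = '" + dog +
               "' WHERE Name = '" + name + "';")

def update_escaped(db, table, dog, name):
    # Values are escaped; the table name is checked against the allowlist.
    check_table(table)
    db.execute("UPDATE " + table + " SET Dog = '" + escape_value(dog) +
               "' WHERE Name = '" + escape_value(name) + "';")

def update_bound(db, table, dog, name):
    # Bound parameters: values never become part of the SQL text.
    check_table(table)
    db.execute("UPDATE " + table + " SET Dog = ? WHERE Name = ?", (dog, name))

def run(update, name):
    # Apply one update to a fresh database and return {Name: Dog}.
    db = fresh_db()
    update(db, "pets", "buddy", name)
    return dict(db.execute("SELECT Name, Dog FROM pets"))

if __name__ == "__main__":
    for fn in (update_concat, update_escaped, update_bound):
        print(fn.__name__, run(fn, HOSTILE_NAME))
```

With the hostile name, the concatenated query rewrites every row, while the escaped and bound versions change nothing because no row has that literal name.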