Hi guys!
I am here to warn you: Do not use any function with SQL that takes a user input. Our servers are highly vulnerable to SQL injection. Let me give you an example:
if (command == "carinfo")
{
    local q = QuerySQL("select * from cars where id=" + arguments);
    //...
}
Never ever use code like that. What if some player (probably clever at hacking and SQL injection) typed this command?
/carinfo 0; drop table cars
Well, it will execute this query:
select * from cars where id=0; drop table cars
This will result in all cars being deleted.
Or he can write:
/carinfo 0; update cars set owner='mee' where id=192
Which will result in him stealing the car. So, use safety guards, for example reject non-numeric input or reject semicolons.
There's a function called escapeSQLString that will escape user input.
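
The guard described above, as an added example that is not part of the original post: a Python/sqlite3 sketch of the /carinfo handler that rejects non-numeric input and, going one step beyond the post's advice, passes the id as a bound parameter instead of concatenating it. The table layout, sample rows and function names are assumptions, and `executescript` stands in for a server driver that runs stacked statements.

```python
import re
import sqlite3

# Plain ASCII digits only, bounded length; no signs, spaces or semicolons.
ID_PATTERN = re.compile(r"[0-9]{1,9}")

def make_db():
    """Constructed sample data standing in for the server's cars table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cars (id INTEGER PRIMARY KEY, model TEXT, owner TEXT)")
    db.executemany("INSERT INTO cars VALUES (?, ?, ?)",
                   [(0, "Infernus", "alice"), (192, "Cheetah", "bob")])
    db.commit()
    return db

def carinfo_unsafe(db, arguments):
    """The pattern from the post: player text becomes part of the SQL."""
    # executescript stands in for a driver that runs every ';'-separated
    # statement, which is the behaviour the post describes.
    db.executescript("select * from cars where id=" + arguments)

def carinfo_safe(db, arguments):
    """Reject non-numeric input, then pass the id as a bound parameter."""
    text = arguments.strip()
    if not ID_PATTERN.fullmatch(text):
        return ("rejected", None)
    row = db.execute("SELECT id, model, owner FROM cars WHERE id = ?",
                     (int(text),)).fetchone()
    return ("ok", row) if row else ("not_found", None)

def snapshot(db):
    """(id, owner) pairs, used to check whether a command changed the table."""
    return db.execute("SELECT id, owner FROM cars ORDER BY id").fetchall()

if __name__ == "__main__":
    payload = "0; update cars set owner='mee' where id=192"  # from the post
    db = make_db()
    print(carinfo_safe(db, "192"), carinfo_safe(db, payload), snapshot(db))
    carinfo_unsafe(db, payload)
    print(snapshot(db))
```

With the bound parameter the input is never parsed as SQL, so the numeric check acts as input validation and an early, clear rejection rather than as the only barrier.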