• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: MySQL Escaped String
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MySQL Escaped String

  • Subject: Re: MySQL Escaped String
  • From: Andrew Farmer <email@hidden>
  • Date: Tue, 11 Jan 2005 10:04:22 -0800
On 11 Jan 2005, at 06:20, Robin Hermann wrote:
Thanks for your solution.
I solved it another way, using mysl_escape_string(), which is probably more complete (taken from the PHP source). 

Even better, use mysql_real_escape_string().

MySQL manual: 
21.2.3.14  mysql_escape_string()

You should use mysql_real_escape_string() instead!

This function is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler as its first argument and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.
<...> 
21.2.3.44 mysql_real_escape_string()

unsigned long mysql_real_escape_string(MYSQL *mysql, char *to, const char *from, unsigned long length);

Note that _mysql_ must be a valid, open connection. This is needed because the escaping depends on the character-set in use by the server.

This function is used to create a legal SQL string that you can use in a SQL statement. See section 10.1.1 Strings.

The string in from is encoded to an escaped SQL string, taking into account the current character set of the connection. The result is placed in _to_ and a terminating null byte is appended. Characters encoded are NUL (ASCII 0), `\n', `\r', `\', `'', `"', and Control-Z (see section 10.1 Literal Values). (Strictly speaking, MySQL requires only that backslash and the quote character used to quote the string in the query be escaped. This function quotes the other characters to make them easier to read in log files.)

The string pointed to by from must be _length_ bytes long. You must allocate the _to_ buffer to be at least _length_*2+1 bytes long. (In the worst case, each character may need to be encoded as using two bytes, and you need room for the terminating null byte.) When mysql_real_escape_string() returns, the contents of _to_ will be a null-terminated string. The return value is the length of the encoded string, not including the terminating null character.

Attachment: PGP.sig
Description: This is a digitally signed message part

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: MySQL Escaped String
      • From: Robin Hermann <email@hidden>
References: 
 >MySQL Escaped String (From: Robin Hermann <email@hidden>)
 >Re: MySQL Escaped String (From: Joakim Danielson <email@hidden>)
 >Re: MySQL Escaped String (From: Robin Hermann <email@hidden>)

  • Prev by Date: Re: MySQL Escaped String
  • Next by Date: Re: MySQL Escaped String
  • Previous by thread: Re: MySQL Escaped String
  • Next by thread: Re: MySQL Escaped String
  • Index(es):
    • Date
    • Thread