On Wed, 5 Sep 2001, Artovil wrote:

>When I use it in a sprintf all the values set with the char function end up
>being the same. What am I doing wrong?

Fundamental lack of understanding of 'static' I'd say.

See your MySQL's: manual_toc.html#mysql_real_escape_string

-----
23.4.42 mysql_real_escape_string()

unsigned int mysql_real_escape_string(MYSQL *mysql, char *to, const char *from, unsigned int length)

23.4.42.1 Description

This function is used to create a legal SQL string that you can use in a SQL
statement. See section 7.1.1 Strings.

The string in from is encoded to an escaped SQL string, taking into account
the current character set of the connection. The result is placed in to and a
terminating null byte is appended. Characters encoded are NUL (ASCII 0),
`\n', `\r', `\', `'', `"', and Control-Z (see section 7.1 Literals: How to
Write Strings and Numbers).

The string pointed to by from must be length bytes long. You must allocate
the to buffer to be at least length*2+1 bytes long. (In the worst case, each
character may need to be encoded using two bytes, and you need room for the
terminating null byte.) When mysql_escape_string() returns, the contents of
to will be a null-terminated string. The return value is the length of the
encoded string, not including the terminating null character.

23.4.42.2 Example

    char query[1000],*end;

    end = strmov(query,"INSERT INTO test_table values(");
    *end++ = '\'';
    end += mysql_real_escape_string(&mysql, end,"What's this",11);
    *end++ = '\'';
    *end++ = ',';
    *end++ = '\'';
    end += mysql_real_escape_string(&mysql, end,"binary data: \0\r\n",16);
    *end++ = '\'';
    *end++ = ')';

    if (mysql_real_query(&mysql,query,(unsigned int) (end - query)))
    {
       fprintf(stderr, "Failed to insert row, Error: %s\n",
               mysql_error(&mysql));
    }

The strmov() function used in the example is included in the mysqlclient
library and works like strcpy() but returns a pointer to the terminating null
of the first parameter.
-----

You should use that function instead of trying to write your own. You'll
need to add '-lmysqlclient' to LIBS= in Makefile if you're not already using it.

You might also be able to temporarily override sprintf()'s '%s' specifier to
use mysql_real_escape_string() but you'll need a lot of experience (and Linux
glibc 2) to do that.

I'm rather fond of Perl's handling of string quoting:

    $cur = $dbh->prepare('SELECT * FROM table WHERE foo=? AND bar=?');
    $cur->execute($foovalue, $barvalue);

I'd write a varargs wrapper to do that in C if I was using SQL.

--
George Greer
greerga@circlemud.org

--
   +---------------------------------------------------------------+
   | FAQ: http://qsilver.queensu.ca/~fletchra/Circle/list-faq.html |
   | Archives: http://post.queensu.ca/listserv/wwwarch/circle.html |
   +---------------------------------------------------------------+
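
One way the varargs wrapper mentioned in the message above could look, as an added example that is not part of the original post or of the MySQL client library. The names sql_bind and escape_stub are hypothetical; escape_stub only stands in for mysql_real_escape_string() so the block compiles without libmysqlclient.

```c
#include <stdarg.h>
#include <string.h>

/* Stand-in (assumption) for mysql_real_escape_string(&mysql, to, from, length):
 * escapes the characters the manual lists, ignores the connection charset. */
static size_t escape_stub(char *to, const char *from, size_t length)
{
    char *start = to;
    for (size_t i = 0; i < length; i++) {
        char c = from[i];
        if (c == '\0' || c == '\n' || c == '\r' || c == '\032') {
            *to++ = '\\';
            c = c == '\0' ? '0' : c == '\n' ? 'n' : c == '\r' ? 'r' : 'Z';
        } else if (c == '\\' || c == '\'' || c == '"') {
            *to++ = '\\';
        }
        *to++ = c;
    }
    *to = '\0';
    return (size_t)(to - start);
}

/* Hypothetical wrapper: copies fmt to out, replacing each '?' with the next
 * const char * argument, escaped and single-quoted. Returns the query length,
 * or -1 with out emptied if it might not fit (never a truncated query). */
long sql_bind(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    size_t used = 0;
    int ok = outsz > 0;
    va_start(ap, fmt);
    for (; ok && *fmt; fmt++) {
        if (*fmt != '?') {               /* literal byte plus room for NUL */
            if ((ok = used + 2 <= outsz))
                out[used++] = *fmt;
        } else {
            const char *arg = va_arg(ap, const char *);
            size_t len = strlen(arg);
            /* manual's worst case (length*2+1) plus the two quotes */
            if ((ok = used + len * 2 + 3 <= outsz)) {
                out[used++] = '\'';
                used += escape_stub(out + used, arg, len);
                out[used++] = '\'';
            }
        }
    }
    va_end(ap);
    if (outsz > 0)
        out[ok ? used : 0] = '\0';
    return ok ? (long)used : -1;
}
```

Arguments are plain C strings, so binary data with embedded NUL bytes still needs the explicit-length call shown in the manual example, and every '?' in the format is treated as a placeholder.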
This archive was generated by hypermail 2b30 : 12/06/01 PST