Thread: mysql_real_escape_string

  1. #1
    Registered User
    Join Date
    Nov 2006
    Posts
    55

    mysql_real_escape_string

    Is anyone familiar with the function:
    Code:
    mysql_real_escape_string
    ?


    I tried using the example found here: http://dev.mysql.com/doc/refman/5.0/...pe-string.html

    but it didn't work.


    Just curious if anyone else has tried it and what their results were.

    TYIA.

  2. #2
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Maybe you should expand on "didn't work".

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  3. #3
    Registered User
    Join Date
    Nov 2006
    Posts
    55
    Quote Originally Posted by matsp View Post
    Maybe you should expand on "didn't work".

    --
    Mats
    No problem. I should know better.


    At first, the compiler was giving me compile errors saying "mysql is an undeclared identifier".

    I then added "MYSQL mysql;" at the top of the function and it compiled fine. Then when I ran it, it crashed. After doing a little digging, I then added "mysql_init(mysql);" to the top of the function. Well, the program got a little further down the function but then crashed again.

    Unfortunately I'm not on my development machine right now to copy/paste the code. I probably should have waited until I got home from work to post this, but I figured it would at least get the gears turning.

    If you have any other questions that I can answer to shed light on, please ask away.

    As always, I thank you for your time and help.

  4. #4
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    If this:
    Code:
    char query[1000],*end;
    
    end = strmov(query,"INSERT INTO test_table values(");
    *end++ = '\'';
    end += mysql_real_escape_string(&mysql, end,"What's this",11);
    *end++ = '\'';
    *end++ = ',';
    *end++ = '\'';
    end += mysql_real_escape_string(&mysql, end,"binary data: \0\r\n",16);
    *end++ = '\'';
    *end++ = ')';
    
    if (mysql_real_query(&mysql,query,(unsigned int) (end - query)))
    {
       fprintf(stderr, "Failed to insert row, Error: %s\n",
               mysql_error(&mysql));
    }
    is the code you are basing your experiments on, then I would say that it's perhaps not really the best example code.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  5. #5
    Hurry Slowly vart's Avatar
    Join Date
    Oct 2006
    Location
    Rishon LeZion, Israel
    Posts
    6,788
    Note that mysql must be a valid, open connection
    Is the first thing I read in the function description... Somehow I suppose just calling init is not enough to open connection to the db
    All problems in computer science can be solved by another level of indirection,
    except for the problem of too many layers of indirection.
    – David J. Wheeler

  6. #6
    Registered User
    Join Date
    Nov 2006
    Posts
    55
    Quote Originally Posted by matsp;
    ...then I would say that it's perhaps not really the best example code.
    It is.. and I totally agree. As you have probably concluded from my last post you assisted me with, I'm just trying to stick a string into a MySQL varchar/text field and parse the quotes and apostrophes.

    Originally, I tried creating the C function to do that for me before it hit sql, but then someone informed me that sql has an already built function, mysql_real_escape_string, to do that. So why re-invent the wheel, right?

    Anyway, I'll wait until I get home to provide full details.

    Cheers and wishing everyone a great Friday!
    Last edited by xwielder; 05-02-2008 at 06:56 AM.

  7. #7
    Registered User
    Join Date
    Nov 2006
    Posts
    55
    Quote Originally Posted by vart View Post
    Is the first thing I read in the function description... Somehow I suppose just calling init is not enough to open connection to the db
    Well, the funny thing is that there's an already open connection. I shouldn't have to use mysql_init(); because it's called way early on in the int main().

    <sigh> I dunno... I'm really thinking about just going back to try writing a C function that parses a string and makes it ready for an sql statement. I just need to turn all instances of apostrophes and quotation marks into escaped apostrophes and quotation marks.

    I could kick myself in the arse for dropping out of programming classes early on. Especially now that I need the knowledge. Heh, I suppose that's life.
    Last edited by xwielder; 05-02-2008 at 07:03 AM.
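
Added example, not part of the thread or of the MySQL documentation: a self-contained C sketch of what the documentation snippet quoted in post #4 relies on, namely an output buffer of at least 2*length+1 bytes and explicit lengths so an embedded NUL is treated as data. `demo_escape` and `demo_build_insert` are hypothetical names; the stand-in escapes byte by byte and is not character-set aware, whereas the real `mysql_real_escape_string()` is, which is why it requires a valid, open connection as noted in post #5.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in: applies the escapes documented for
 * mysql_real_escape_string() byte by byte. It is not character-set aware;
 * the real function is, which is why it takes a connected MYSQL handle. */
size_t demo_escape(char *to, size_t to_size,
                   const char *from, size_t from_len)
{
    size_t i, n = 0;

    /* Worst case: every byte doubles, plus the terminating NUL. */
    if (to_size == 0 || (to_size - 1) / 2 < from_len)
        return (size_t)-1;
    for (i = 0; i < from_len; i++) {   /* explicit length: NUL is data */
        char c = from[i], esc = 0;
        switch (c) {
        case '\0': esc = '0';  break;
        case '\n': esc = 'n';  break;
        case '\r': esc = 'r';  break;
        case 26:   esc = 'Z';  break;  /* Ctrl-Z */
        case '\\': case '\'': case '"': esc = c; break;
        }
        if (esc) to[n++] = '\\';
        to[n++] = esc ? esc : c;
    }
    to[n] = '\0';
    return n;
}

/* Builds the thread's two-column INSERT with every write bounds-checked.
 * Returns the statement length, or -1 if the buffer is too small. */
long demo_build_insert(char *q, size_t cap, const char *a, size_t alen,
                       const char *b, size_t blen)
{
    static const char head[] = "INSERT INTO test_table values('";
    size_t n = sizeof head - 1, r;

    if (cap < n) return -1;
    memcpy(q, head, n);
    if ((r = demo_escape(q + n, cap - n, a, alen)) == (size_t)-1) return -1;
    n += r;
    if (cap - n < 3) return -1;
    memcpy(q + n, "','", 3); n += 3;
    if ((r = demo_escape(q + n, cap - n, b, blen)) == (size_t)-1) return -1;
    n += r;
    if (cap - n < 3) return -1;
    memcpy(q + n, "')", 3);            /* also copies the terminator */
    return (long)(n + 2);
}
```

In a real program the two `demo_escape` calls would be `mysql_real_escape_string()` on a handle that `mysql_real_connect()` has already connected, with the same buffer-size rule.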
