No, that is wrong as you noticed, and also because delete[], not delete, should be used.
One way is to save the result of the call to _sql in a variable, then after using that variable, use delete[] with it.
However, a possibly better way:
Code:
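    #include <cstring>   // strlen
    #include <string>    // std::string
    std::string _sql(const char *dataIn)
    {
        const size_t len = strlen(dataIn);
        // mysql_real_escape_string needs room for 2 * len + 1 bytes (worst case plus the terminating null).
        std::string to(len * 2 + 1, '\0');
        // It returns the escaped length, so shrink the string to what was actually written.
        to.resize(mysql_real_escape_string(MySQL_Database_Connection__global, &to[0], dataIn, len));
        return to;
    }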
then:
Code:
    snprintf(szQueryText,
             sizeof(szQueryText),
             "UPDATE this_table SET this_field = '%s' WHERE this_value = 1 ;",
             _sql(text).c_str());
Note that names that begin with an underscore followed by a lowercase letter are reserved to the implementation for use in the global and std namespaces, so _sql should be within your own namespace. Actually, if the underscore prefix is just to denote this as a helper function to avoid name conflicts, consider just renaming it (escape_string?) and defining it in an unnamed namespace.
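An added example, not part of the original post: the helper renamed to escape_string in an unnamed namespace, plus a check that snprintf did not truncate the query. So that it runs without a database connection, the hypothetical fake_real_escape stands in for mysql_real_escape_string (same 2 * len + 1 buffer contract and documented escape set); build_update is also a hypothetical name.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

namespace {

// Stand-in for mysql_real_escape_string (assumption: no server connection here).
// Same contract: `to` must hold 2 * len + 1 bytes; returns escaped length without the NUL.
unsigned long fake_real_escape(char *to, const char *from, unsigned long len)
{
    char *out = to;
    for (unsigned long i = 0; i < len; ++i) {
        const char c = from[i];
        switch (c) {
        case '\0':   *out++ = '\\'; *out++ = '0'; break;
        case '\n':   *out++ = '\\'; *out++ = 'n'; break;
        case '\r':   *out++ = '\\'; *out++ = 'r'; break;
        case '\x1a': *out++ = '\\'; *out++ = 'Z'; break;
        case '\\': case '\'': case '"': *out++ = '\\'; *out++ = c; break;
        default:     *out++ = c;
        }
    }
    *out = '\0';
    return static_cast<unsigned long>(out - to);
}

std::string escape_string(const char *dataIn)
{
    const std::size_t len = std::strlen(dataIn);
    std::string to(len * 2 + 1, '\0');   // worst case: every byte escaped, plus NUL
    to.resize(fake_real_escape(&to[0], dataIn, static_cast<unsigned long>(len)));
    return to;
}

} // namespace

// Builds the UPDATE statement; returns false if the buffer is too small.
// A truncated query must never be sent: the cut can land inside the quoted value.
bool build_update(char *buf, std::size_t bufSize, const char *text)
{
    const int n = std::snprintf(buf, bufSize,
        "UPDATE this_table SET this_field = '%s' WHERE this_value = 1 ;",
        escape_string(text).c_str());
    return n >= 0 && static_cast<std::size_t>(n) < bufSize;
}
```
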