`mysql_real_escape_string()'
............................
`unsigned int mysql_real_escape_string(MYSQL *mysql, char *to, const
char *from, unsigned int length)'
Description
...........
This function is used to create a legal SQL string that you can use in a
SQL statement. See String syntax.
The string in `from' is encoded to an escaped SQL string, taking into
account the current character set of the connection. The result is
placed in `to' and a terminating null byte is appended. Characters
encoded are `NUL' (ASCII 0), `\n', `\r', `\', `'', `"', and Control-Z
(see Literals).
The string pointed to by `from' must be `length' bytes long. You must
allocate the `to' buffer to be at least `length*2+1' bytes long. (In
the worst case, each character may need to be encoded using two
bytes, and you need room for the terminating null byte.) When
`mysql_escape_string()' returns, the contents of `to' will be a
null-terminated string. The return value is the length of the encoded
string, not including the terminating null character.
Example
.......
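     /* `mysql' is an already connected MYSQL handle. */
     char query[1000],*end;

     end = strmov(query,"INSERT INTO test_table values(");
     *end++ = '\'';                  /* opening quote of first value */
     end += mysql_real_escape_string(&mysql, end,"What's this",11);
     *end++ = '\'';
     *end++ = ',';
     *end++ = '\'';                  /* opening quote of second value */
     /* The length (16) is passed explicitly because of the embedded \0. */
     end += mysql_real_escape_string(&mysql, end,"binary data: \0\r\n",16);
     *end++ = '\'';
     *end++ = ')';

     /* The query contains a null byte, so send it with its length. */
     if (mysql_real_query(&mysql,query,(unsigned int) (end - query)))
     {
       fprintf(stderr, "Failed to insert row, Error: %s\n",
               mysql_error(&mysql));
     }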
The `strmov()' function used in the example is included in the
`mysqlclient' library and works like `strcpy()' but returns a pointer
to the terminating null of the first parameter.
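The example above writes into a fixed `query[1000]' without checking the
remaining space. The following added example (not from the MySQL manual)
applies the `length*2+1' rule before each append. `demo_escape' and
`append_literal' are hypothetical names; `demo_escape' is a stand-in that
covers only the characters listed above and ignores the connection
character set, so real code calls `mysql_real_escape_string()' at that point.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for mysql_real_escape_string() (assumption: single-byte charset).
   Escapes the characters the page lists; `to` must hold length*2+1 bytes. */
static size_t demo_escape(char *to, const char *from, size_t length)
{
    char *out = to;
    for (size_t i = 0; i < length; i++) {
        char c = from[i], e = 0;
        switch (c) {
        case '\0': e = '0'; break;
        case '\n': e = 'n'; break;
        case '\r': e = 'r'; break;
        case 26:   e = 'Z'; break;            /* Control-Z */
        case '\\': case '\'': case '"': e = c; break;
        }
        if (e) { *out++ = '\\'; *out++ = e; } /* two bytes for one input byte */
        else   { *out++ = c; }
    }
    *out = '\0';
    return (size_t)(out - to);
}

/* Append a quoted, escaped literal to buf at *pos. Returns 0 on success,
   -1 if the worst case (2 quotes + length*2 + null) would not fit in cap. */
static int append_literal(char *buf, size_t cap, size_t *pos,
                          const char *from, size_t length)
{
    if (*pos > cap || length > (cap - *pos) / 2)  /* length*2 cannot wrap */
        return -1;
    if (cap - *pos < length * 2 + 3)
        return -1;
    buf[(*pos)++] = '\'';
    *pos += demo_escape(buf + *pos, from, length);
    buf[(*pos)++] = '\'';
    buf[*pos] = '\0';
    return 0;
}

int main(void)
{
    char query[64];
    size_t pos = (size_t)snprintf(query, sizeof query,
                                  "INSERT INTO test_table values(");
    if (append_literal(query, sizeof query, &pos, "What's this", 11) == 0)
        printf("%s)\n", query);
    return 0;
}
```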
Return Values
.............
The length of the value placed into `to', not including the terminating
null character.
Errors
......
None.