Copyright (C) 2000-2012 |
GNU Info (mysql.info)mysql_real_escape_string`mysql_real_escape_string()' ............................ `unsigned int mysql_real_escape_string(MYSQL *mysql, char *to, const char *from, unsigned int length)' Description ........... This function is used to create a legal SQL string that you can use in a SQL statement. Note: String syntax. The string in `from' is encoded to an escaped SQL string, taking into account the current character set of the connection. The result is placed in `to' and a terminating null byte is appended. Characters encoded are `NUL' (ASCII 0), `\n', `\r', `\', `'', `"', and Control-Z (Note: Literals). The string pointed to by `from' must be `length' bytes long. You must allocate the `to' buffer to be at least `length*2+1' bytes long. (In the worse case, each character may need to be encoded as using two bytes, and you need room for the terminating null byte.) When `mysql_escape_string()' returns, the contents of `to' will be a null-terminated string. The return value is the length of the encoded string, not including the terminating null character. Example ....... char query[1000],*end; end = strmov(query,"INSERT INTO test_table values("); *end++ = '\''; end += mysql_real_escape_string(&mysql, end,"What's this",11); *end++ = '\''; *end++ = ','; *end++ = '\''; end += mysql_real_escape_string(&mysql, end,"binary data: \0\r\n",16); *end++ = '\''; *end++ = ')'; if (mysql_real_query(&mysql,query,(unsigned int) (end - query))) { fprintf(stderr, "Failed to insert row, Error: %s\n", mysql_error(&mysql)); } The `strmov()' function used in the example is included in the `mysqlclient' library and works like `strcpy()' but returns a pointer to the terminating null of the first parameter. Return Values ............. The length of the value placed into `to', not including the terminating null character. Errors ...... None. automatically generated by info2www version 1.2.2.9 |