MySQL Manual
9 MySQL APIs
- 9.1 MySQL C API
- 9.1.3 C API Function Descriptions
- 9.1.3.1
mysql_affected_rows() - 9.1.3.2
mysql_change_user() - 9.1.3.3
mysql_character_set_name() - 9.1.3.4
mysql_close() - 9.1.3.5
mysql_connect() - 9.1.3.6
mysql_create_db() - 9.1.3.7
mysql_data_seek() - 9.1.3.8
mysql_debug() - 9.1.3.9
mysql_drop_db() - 9.1.3.10
mysql_dump_debug_info() - 9.1.3.11
mysql_eof() - 9.1.3.12
mysql_errno() - 9.1.3.13
mysql_error() - 9.1.3.14
mysql_escape_string() - 9.1.3.15
mysql_fetch_field() - 9.1.3.16
mysql_fetch_fields() - 9.1.3.17
mysql_fetch_field_direct() - 9.1.3.18
mysql_fetch_lengths() - 9.1.3.19
mysql_fetch_row() - 9.1.3.20
mysql_field_count() - 9.1.3.21
mysql_field_seek() - 9.1.3.22
mysql_field_tell() - 9.1.3.23
mysql_free_result() - 9.1.3.24
mysql_get_client_info() - 9.1.3.25
mysql_get_server_version() - 9.1.3.26
mysql_get_host_info() - 9.1.3.27
mysql_get_proto_info() - 9.1.3.28
mysql_get_server_info() - 9.1.3.29
mysql_info() - 9.1.3.30
mysql_init() - 9.1.3.31
mysql_insert_id() - 9.1.3.32
mysql_kill() - 9.1.3.33
mysql_list_dbs() - 9.1.3.34
mysql_list_fields() - 9.1.3.35
mysql_list_processes() - 9.1.3.36
mysql_list_tables() - 9.1.3.37
mysql_num_fields() - 9.1.3.38
mysql_num_rows() - 9.1.3.39
mysql_options() - 9.1.3.40
mysql_ping() - 9.1.3.41
mysql_query() - 9.1.3.42
mysql_real_connect() - 9.1.3.43
mysql_real_escape_string() - 9.1.3.44
mysql_real_query() - 9.1.3.45
mysql_reload() - 9.1.3.46
mysql_row_seek() - 9.1.3.47
mysql_row_tell() - 9.1.3.48
mysql_select_db() - 9.1.3.49
mysql_sqlstate() - 9.1.3.50
mysql_shutdown() - 9.1.3.51
mysql_stat() - 9.1.3.52
mysql_store_result() - 9.1.3.53
mysql_thread_id() - 9.1.3.54
mysql_use_result() - 9.1.3.55
mysql_commit() - 9.1.3.56
mysql_rollback() - 9.1.3.57
mysql_autocommit() - 9.1.3.58
mysql_more_results() - 9.1.3.59
mysql_next_result()
- 9.1.3.1
9.1.3.43 mysql_real_escape_string()
unsigned long mysql_real_escape_string(MYSQL *mysql, char *to, const char *from, unsigned long length)
Description
This function is used to create a legal SQL string that you can use in a SQL statement. See section 6.1.1.1 Strings.
The string in from is encoded to an escaped SQL string, taking
into account the current character set of the connection. The result is placed
in to and a terminating null byte is appended. Characters
encoded are NUL (ASCII 0), `\n', `\r', `\',
`'', `"', and Control-Z (see section 6.1.1 Literals: How to Write Strings and Numbers).
(Strictly speaking, MySQL requires only that backslash and the quote
character used to quote the string in the query be escaped. This function
quotes the other characters to make them easier to read in log files.)
The string pointed to by from must be length bytes long. You
must allocate the to buffer to be at least length*2+1 bytes
long. (In the worst case, each character may need to be encoded as using two
bytes, and you need room for the terminating null byte.) When
mysql_real_escape_string() returns, the contents of to will be a
null-terminated string. The return value is the length of the encoded
string, not including the terminating null character.
Example
char query[1000],*end;
end = strmov(query,"INSERT INTO test_table values(");
*end++ = '\'';
end += mysql_real_escape_string(&mysql, end,"What's this",11);
*end++ = '\'';
*end++ = ',';
*end++ = '\'';
end += mysql_real_escape_string(&mysql, end,"binary data: \0\r\n",16);
*end++ = '\'';
*end++ = ')';
if (mysql_real_query(&mysql,query,(unsigned int) (end - query)))
{
fprintf(stderr, "Failed to insert row, Error: %s\n",
mysql_error(&mysql));
}
The strmov() function used in the example is included in the
mysqlclient library and works like strcpy() but returns a
pointer to the terminating null of the first parameter.
Return Values
The length of the value placed into to, not including the
terminating null character.
Errors
None.
User Comments
| Posted by mysql on Monday January 20 2003, @1:12am | [Delete] [Edit] |
Documentation is unclear (at least to me):
> taking into account the current character
> set of the connection
What does this mean? How is mysql_real_escape_string affected by the character set?
To test the feature, I run the mysql server with default-character-set=usa7
Then I used mysql_real_escape_string on a string containing german special characters (äöüß), which should be illegal for the usa7 charset; nothing happened, i.e. mysql_real_escape_string neither removed nor changed these characters.
Thus, I experienced no change compared to mysql_escape_string.
| Posted by Gerard Boor on Wednesday March 5 2003, @3:13am | [Delete] [Edit] |
This doesn't work when using the VC++ APIs for Win32 (and maybe also not in the BCB APIs), you get an unresolved external, even with all libs included.
Here is a solution that does the same. Buffer1 is your binary data, Buffer 2 is the data you put into the query;
char Buffer1[100]
char Buffer2[201]
for(int x = 0; x < 100; x++)
{
switch(Buffer[x])
{
case '\0':
Picture += "\\0";
break;
case '\n':
Picture += "\\n";
break;
case '\r':
Picture += "\\r";
break;
case '\'':
Picture += "\\'";
break;
case '"':
Picture += "\\\"";
break;
case '\\':
Picture += "\\\\";
break;
default:
Picture += Buffer[y];
break;
}
| Posted by Gerard Boor on Wednesday March 5 2003, @3:14am | [Delete] [Edit] |
Errata: of course the 'Picture' should be 'Buffer2', sorry for the inconvenience.
| Posted by [name withheld] on Thursday May 1 2003, @1:19pm | [Delete] [Edit] |
Please add a note on how to scape the % character in strings, so that it can be later used in LIKE expressions.
| Posted by Justin Shumaker on Saturday June 28 2003, @7:08pm | [Delete] [Edit] |
It would be most useful to add a function that provides the programmer with the length returned by mysql_real_escape_string() because the *to buffer usually needs to be allocated a particular size before this function is called. If that size is unknown before the function is called a paradox exists. Simply allocating twice the memory for the *to buffer with respect to the *from buffer is unsatisfactory.
