DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

(mysql.info) mysql-real-escape-string

Info Catalog (mysql.info) mysql-real-connect (mysql.info) c-api-functions (mysql.info) mysql-real-query 
 
 22.2.3.52 `mysql_real_escape_string()'
 ......................................
 
 `unsigned long mysql_real_escape_string(MYSQL *mysql, char *to, const
 char *from, unsigned long length)'
 
 Note that `mysql' must be a valid, open connection. This is needed
 because the escaping depends on the character set in use by the server.
 
 *Description*
 
 This function is used to create a legal SQL string that you can use in
 an SQL statement. See  string-syntax.
 
 The string in `from' is encoded to an escaped SQL string, taking into
 account the current character set of the connection. The result is
 placed in `to' and a terminating null byte is appended. Characters
 encoded are `NUL' (ASCII 0), ‘`\n'’, ‘`\r'’, ‘`\'’,
 ‘`''’, ‘`"'’, and Control-Z (see  literals). (Strictly
 speaking, MySQL requires only that backslash and the quote character
 used to quote the string in the query be escaped. This function quotes
 the other characters to make them easier to read in log files.)
 
 The string pointed to by `from' must be `length' bytes long. You must
 allocate the `to' buffer to be at least `length*2+1' bytes long. (In
 the worst case, each character may need to be encoded as using two
 bytes, and you need room for the terminating null byte.) When
 `mysql_real_escape_string()' returns, the contents of `to' is a
 null-terminated string.  The return value is the length of the encoded
 string, not including the terminating null character.
 
 If you need to change the character set of the connection, you should
 use the `mysql_set_character_set()' function rather than executing a
 `SET NAMES' (or `SET CHARACTER SET') statement.
 `mysql_set_character_set()' works like `SET NAMES' but also affects the
 character set used by `mysql_real_escape_string()', which `SET NAMES'
 does not.
 
 *Example*
 
      char query[1000],*end;
 
      end = strmov(query,"INSERT INTO test_table values(");
      *end++ = '\'';
      end += mysql_real_escape_string(&mysql, end,"What's this",11);
      *end++ = '\'';
      *end++ = ',';
      *end++ = '\'';
      end += mysql_real_escape_string(&mysql, end,"binary data: \0\r\n",16);
      *end++ = '\'';
      *end++ = ')';
 
      if (mysql_real_query(&mysql,query,(unsigned int) (end - query)))
      {
         fprintf(stderr, "Failed to insert row, Error: %s\n",
                 mysql_error(&mysql));
      }
 
 The `strmov()' function used in the example is included in the
 `mysqlclient' library and works like `strcpy()' but returns a pointer
 to the terminating null of the first parameter.
 
 *Return Values*
 
 The length of the value placed into `to', not including the terminating
 null character.
 
 *Errors*
 
 None.
Info Catalog (mysql.info) mysql-real-connect (mysql.info) c-api-functions (mysql.info) mysql-real-query
automatically generated byinfo2html