>>>>> "Fred" == Fred T Krogh <fkrogh@stripped> writes:
>> From C a call to mysql_query with the query string (using copy and
Fred> from the debugger):
Fred> "INSERT AB VALUES (NULL,129,2,\"Computational Mathematics\",0)"
Fred> fails, giving a result of -1. Note that the '\'s on the inside
Fred> are not really there, it is just what the debugger prints. (At
Fred> least if I look at consecutive memory locations, 2, is followed
Fred> by a ".) Etc. for the " at the front and the end.
Fred> Removing the '\'s in the middle and the "'a at the front and
Fred> back, this statement works just fine when put in the mysql
Fred> program. This has me puzzled.
What ' in the middle and ' at the front ?
Fred> The same situation applies with:
Fred> "INSERT AB VALUES (NULL,129,2,'Computational Mathematics',0)"
Fred> That is, it doesn't work in C, but with the quotes removed
Fred> (which aren't really there) it works in mysql.
What error message did you get from the MySQL server ?
Are you sure you are not debugging the wrong problem?
Fred> I've also found mysql_escape_string confusing to use. First I
Fred> tried passing in "Computational Mathematics" and got back
Fred> \"Computational Mathematics\", giving a string that I could not
Fred> use successfully in an insert. Passing in just Computational
Fred> Mathematics gave back Computational Mathematics, again something
Fred> that would not work in an insert. Perhaps I shouldn't complain
Fred> too much about this since even when I pass in a string I think
Fred> should work, it doesn't. (And I do know how to get this to do
Fred> what I want, even if the result doesn't work.)
The above is absolutely correct behaveour.
The value you get back from 'mysql_escape_string' should be used in
the insert statements with single quotes (') around it.