List:General Discussion« Previous MessageNext Message »
From:Michael Widenius Date:April 1 1999 2:44pm
Subject:Query/escape_string confusion
View as plain text  
Hi!

>>>>> "Fred" == Fred T Krogh <fkrogh@stripped> writes:

>> From C a call to mysql_query with the query string (using copy and
>> paste
Fred> from the debugger):

Fred> "INSERT AB VALUES (NULL,129,2,\"Computational Mathematics\",0)"

Fred> fails, giving a result of -1.  Note that the '\'s on the inside
Fred> are not really there, it is just what the debugger prints.  (At
Fred> least if I look at consecutive memory locations, 2, is followed
Fred> by a ".)  Etc. for the " at the front and the end.

Fred> Removing the '\'s in the middle and the "'a at the front and
Fred> back, this statement works just fine when put in the mysql
Fred> program.  This has me puzzled.

What ' in the middle and ' at the front ?

Fred> The same situation applies with:

Fred> "INSERT AB VALUES (NULL,129,2,'Computational Mathematics',0)"

Fred> That is, it doesn't work in C, but with the quotes removed
Fred> (which aren't really there) it works in mysql.

What error message did you get from the MySQL server ?
Are you sure you are not debugging the wrong problem?

Fred> I've also found mysql_escape_string confusing to use.  First I
Fred> tried passing in "Computational Mathematics" and got back
Fred> \"Computational Mathematics\", giving a string that I could not
Fred> use successfully in an insert.  Passing in just Computational
Fred> Mathematics gave back Computational Mathematics, again something
Fred> that would not work in an insert.  Perhaps I shouldn't complain
Fred> too much about this since even when I pass in a string I think
Fred> should work, it doesn't.  (And I do know how to get this to do
Fred> what I want, even if the result doesn't work.)

The above is absolutely correct behaveour.

The value you get back from 'mysql_escape_string' should be used in
the insert statements with single quotes (') around it.

Regards,
Monty

Thread
Query/escape_string confusionFred T. Krogh1 Apr
  • Query/escape_string confusionMichael Widenius1 Apr
  • Re: Query/escape_string confusionFred T. Krogh1 Apr
RE: stupid questionKenneth Hylton11 Jun