MySQL Lists: mysql: Re: Is mysql_real_escape

List:	General Discussion	« Previous Message Next Message »
From:	Paul DuBois	Date:	March 11 2003 4:19pm
Subject:	Re: Is mysql_real_escape_string for blob storage?
View as plain text

At 0:07 +0000 3/12/03, Lai Liu-yuan wrote:
>Thanks for your reply.
>
>But, what then is the role of mysql_real_query? In document, it says 
>"You must use mqsql_real_query for queries that contain binary data"?

That doesn't mean the data values don't need to be properly escaped.
What if you put a binary value containing a quote within quotes?
Result: malformed query.

mysql_real_query() uses a string and a length to indicate how long the
string is.  It won't be fooled by the presence of an ASCII 0 value within
the string.

mysql_query() uses a null-terminated string.  It *will* be fooled by the
presence of an ASCII 0 value within the string.  Specifically, it will
think the string ends at that 0, rather than where you want it to end.

Thread
• Is mysql_real_escape_string for blob storage?	Lai Liu-yuan	11 Mar
• Re: Is mysql_real_escape_string for blob storage?	Paul DuBois	11 Mar
• Re: Is mysql_real_escape_string for blob storage?	Lai Liu-yuan	11 Mar
• Re: Is mysql_real_escape_string for blob storage?	Paul DuBois	11 Mar