List: General Discussion
From: Paul DuBois
Date: March 11 2003 4:19pm
Subject: Re: Is mysql_real_escape_string for blob storage?

At 0:07 +0000 3/12/03, Lai Liu-yuan wrote:
>Thanks for your reply.
>
>But, what then is the role of mysql_real_query? In the document, it says
>"You must use mysql_real_query for queries that contain binary data"?

That doesn't mean the data values don't need to be properly escaped.
What if you put a binary value containing a quote within quotes?
Result: malformed query.

mysql_real_query() uses a string and a length to indicate how long the
string is.  It won't be fooled by the presence of an ASCII 0 value within
the string.

mysql_query() uses a null-terminated string.  It *will* be fooled by the
presence of an ASCII 0 value within the string.  Specifically, it will
think the string ends at that 0, rather than where you want it to end.
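
Added example, not part of the original message: a C sketch of both failure modes described above, using a constructed 5-byte blob that contains a quote and an ASCII 0. `escape_blob()` is a simplified stand-in for `mysql_real_escape_string()` (same escape set, no connection or character-set handling) so the code runs without the client library; the table `t` and column `b` are made up.

```c
#include <stdio.h>
#include <string.h>
/* Simplified stand-in for mysql_real_escape_string(); `to` needs room
 * for 2*len+1 bytes. Returns the escaped length (excluding the NUL). */
static size_t escape_blob(char *to, const unsigned char *from, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        char e = 0;
        switch (from[i]) {
        case 0:    e = '0';  break;   /* ASCII 0 becomes the two bytes \0 */
        case '\n': e = 'n';  break;
        case '\r': e = 'r';  break;
        case '\\': e = '\\'; break;
        case '\'': e = '\''; break;
        case '"':  e = '"';  break;
        case 0x1a: e = 'Z';  break;   /* Ctrl-Z */
        }
        if (e) { to[n++] = '\\'; to[n++] = e; }
        else   { to[n++] = (char)from[i]; }
    }
    to[n] = '\0';
    return n;
}

/* Builds INSERT INTO t (b) VALUES ('<blob>') in out and returns the true
 * byte length of the statement, i.e. the length argument a call such as
 * mysql_real_query() would be given. */
static size_t build_insert(char *out, const unsigned char *blob, size_t len, int escape)
{
    static const char head[] = "INSERT INTO t (b) VALUES ('";
    size_t n = sizeof head - 1;
    memcpy(out, head, n);
    if (escape) n += escape_blob(out + n, blob, len);
    else { memcpy(out + n, blob, len); n += len; }
    memcpy(out + n, "')", 3);          /* closing quote, paren, NUL */
    return n + 2;
}
/* Constructed sample blob: a ' b NUL c */
static const unsigned char sample[] = { 'a', '\'', 'b', 0x00, 'c' };

int main(void)
{
    char raw[64], esc[64];
    size_t raw_len = build_insert(raw, sample, sizeof sample, 0);
    size_t esc_len = build_insert(esc, sample, sizeof sample, 1);
    /* strlen() is what a null-terminated interface would see. */
    printf("raw:     true length %zu, strlen %zu\n", raw_len, strlen(raw));
    printf("escaped: true length %zu, strlen %zu: %s\n", esc_len, strlen(esc), esc);
    return 0;
}
```

In the unescaped statement the blob's quote closes the string literal early and `strlen()` stops at the embedded 0, four bytes short of the real length; in the escaped statement neither byte appears raw.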