MySQL Lists: mysql: Re: is mysql_escape_string() necessary to send queries to server

List:	General Discussion	« Previous Message Next Message »
From:	Gerald Clark	Date:	October 1 1999 12:57pm
Subject:	Re: is mysql_escape_string() necessary to send queries to server
View as plain text

M wrote:
> 
> Hi,
> 
> I'm using MySQL 3.21.33b on UNIX and LINUX. I have read a document on
> the web called MySQL C API, which states that "you must ensure that you
> encode the values properly" - with mysql_escape_string() - when sending
> queries to the MySQL server. Is the C API function mysql_escape_string()
> really necessary to send queries to the MySQL server?
> 
> For example, I have coded a small C program which inserts data into a
> table. The second attribute is a string (c_name), which is encased by
> single quotes. I have not used the mysql_escape_string() function to
> "encode the values properly".
> 
> I have coded following query
> 
> INSERT INTO customer(c_no, c_name) VALUES (1, 'Jaco Pastorius');
> 

And if the customer's name is 'Tim O'Manion' ?

Thread
• is mysql_escape_string() necessary to send queries to server	M	1 Oct
• Re: is mysql_escape_string() necessary to send queries to server	Gerald Clark	1 Oct