List:General Discussion« Previous MessageNext Message »
From:Gerald Clark Date:October 1 1999 12:57pm
Subject:Re: is mysql_escape_string() necessary to send queries to server
View as plain text  
M wrote:
> 
> Hi,
> 
> I'm using MySQL 3.21.33b on UNIX and LINUX. I have read a document on
> the web called MySQL C API, which states that "you must ensure that you
> encode the values properly" - with mysql_escape_string() - when sending
> queries to the MySQL server. Is the C API function mysql_escape_string()
> really necessary to send queries to the MySQL server?
> 
> For example, I have coded a small C program which inserts data into a
> table. The second attribute is a string (c_name), which is encased by
> single quotes. I have not used the mysql_escape_string() function to
> "encode the values properly".
> 
> I have coded following query
> 
> INSERT INTO customer(c_no, c_name) VALUES (1, 'Jaco Pastorius');
> 

And if the customer's name is 'Tim O'Manion' ?
Thread
is mysql_escape_string() necessary to send queries to serverM1 Oct
  • Re: is mysql_escape_string() necessary to send queries to serverGerald Clark1 Oct