At 6:51 PM +0000 11/19/00, Gustavo Vieira Goncalves Coelho Rios wrote:
>Dear gentleman,
>
>i am writing my own version of mysql_escape_string (the reason i dont
>want to use mysql version is i dont want to encode the NULL carac.)
Why is that? If your string contains null bytes and you insert it into
a query that you send to the server, the query string will be incorrect.
>
>Here it is:
>
>unsigned int
>enc2mysql(char *to, char *from, unsigned int len)
>{
> unsigned int to_len;
>
> for (to_len = 0; len; ++from, len--)
> switch (*from) {
> case '\n' :
> *to++ = '\\';
> *to++ = 'n';
> to_len += 2;
> break;
> case '\r' :
> *to++ = '\\';
> *to++ = 'r';
> to_len += 2;
> break;
> case '\\' : case '\'' : case '"' :
> *to++ = '\\';
> *to++ = *from;
> to_len += 2;
> break;
> default :
> case '\\' : case '\'' : case '"' :
> *to++ = '\\';
> *to++ = *from;
> to_len += 2;
> break;
> default :
> *to++ = *from;
> to_len++;
> }
Why do you have multiple cases for \, ', ", and default?
> *to = *from;
>
> return to_len;
>}
>
>
>My questions is: what should i encode CTRL Z to?
The easiest way to find out is to examine the source for mysql_escape_string,
which is in libmysql/libmysql.c. This is what it does:
case '\032': /* This gives problems on Win32 */
*to++= '\\';
*to++= 'Z';
break;
--
Paul DuBois, paul@stripped
| Thread |
|---|
| • encoding | Gustavo Vieira Goncalves Coelho Rios | 19 Nov |
| • Re: encoding | Paul DuBois | 19 Nov |
| • Re: encoding | Gustavo Vieira Goncalves Coelho Rios | 19 Nov |
