At 1:37 AM +0000 7/6/1999, El Jeffo wrote:
>Hey, did I miss something in my intro to C class? Anyways, here
>are a few comments I'm going to make, please correct me if I'm
>wrong. This is from:
>
>http://www.mysql.net/Manual_chapter/manual_Clients.html#mysql_escape_string
>
>19.4.12.2 Example
>
>char query[1000],*end;
>
>end = strmov(query,"INSERT INTO test_table values(");
>****okay cause it's the mysqlclient strmov()
>
>*end++ = '\";
>end += mysql_escape_string(query,"What's this",11);
>****does mysql_escape_string append??
No, this is a mistake, it should say "end" instead of "query".
>*end++ = '\";
>**** where's the close "'" for these lines?
This is an artifact of the Texinfo->HTML converter. The original
text says '\'', not '\".
>
>*end++ = ',';
>*end++ = '\";
>end += mysql_escape_string(query,"binary data: \0\r\n",16);
This should say "end" not "query", too.
>*end++ = '\";
>*end++ = ')';
>
>if (mysql_real_query(&mysql,query,(unsigned int) (end - query)))
>{
> fprintf(stderr, "Failed to insert row, Error: %s\n",
> mysql_error(&mysql));
>}
>
>*** On another note:
>
>Although the string written into to is null-terminated, you should not
>assume that it can be used with functions such as strlen() or strcpy().
>If the from string contains
>null bytes, mysql_escape_string() will escape them with a leading `\'
>character in the to string, but they will still appear to those
>functions as terminating nulls.
>
>*** "they will still appear to those functions" is very ambiguous.
> Perhaps "The from string will still appear to strlen() and strcpy()
> as having terminating nulls before the end of the string. Therefore
> you shouldn't use strlen() to determine the length argument."
It's not ambiguous, because the comment refers to the to string, not the
from string.
>Such internal null bytes will also be seen as terminating nulls by
>mysql_query() and it will not handle the query properly. Therefore, when
>you
>
>*** Why is this? If we pass:
> mysql_query(&mysql, "insert in.... values("\0the\0Null"))
> where the query char* is "char *to", the query function shouldn't
> terminate the query prematurely.... or will it? The documentation
> clearly states that the NUL is escaped, therefore, it is only
> necessary to use mysql_real_query when you neglect to use
> mysql_escape_string() and the query string only contains nulls
> and not `\n', `\r', `\' or `''
The documentation is in error here (my fault). I was operating under
the assumption that mysql_escape_string() turned NUL bytes into
\ + NULL (i.e., that it simply put a backslash in front of the NUL
byte). If it did that, mysql_query() would in fact see the NUL as the
end of the string. But mysql_escape_string() actually turns NUL into
\ + '0', that is, \ + ASCII 48. So mysql_query() is safe for strings
that you construct using mysql_escape_string().
This will be corrected soon. Thanks for pointing it out.
--
Paul DuBois, paul@stripped
Northern League Chronicles: http://www.snake.net/nl/
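
The manual example with both corrections from this thread applied (escape output written at `end` rather than `query`, and `'\''` as the quote literal), given here as an added example that is not part of the original messages or the MySQL sources. `demo_escape()` and `build_query()` are hypothetical names; `demo_escape()` is a simplified stand-in for `mysql_escape_string()` that handles only the bytes named in the thread, so the block runs without the client library.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for mysql_escape_string(to, from, length), written for this
 * example. Escapes only NUL, \n, \r, \ and '. 'to' must hold at least
 * length*2+1 bytes. Returns the escaped length, terminator excluded. */
static unsigned long demo_escape(char *to, const char *from, unsigned long length)
{
    char *start = to;
    for (unsigned long i = 0; i < length; i++) {
        char c = from[i], esc = 0;
        switch (c) {
        case '\0': esc = '0';  break;  /* backslash + ASCII 48, not a raw NUL */
        case '\n': esc = 'n';  break;
        case '\r': esc = 'r';  break;
        case '\\': esc = '\\'; break;
        case '\'': esc = '\''; break;
        }
        if (esc) { *to++ = '\\'; *to++ = esc; }
        else     { *to++ = c; }
    }
    *to = '\0';
    return (unsigned long)(to - start);
}

/* Builds the manual's INSERT statement into 'query' (caller provides a
 * buffer big enough for the fixed text plus 2*len+1 bytes per value). */
static unsigned long build_query(char *query)
{
    char *end = query + sprintf(query, "INSERT INTO test_table values(");
    *end++ = '\'';
    end += demo_escape(end, "What's this", 11);          /* 'end', not 'query' */
    *end++ = '\'';
    *end++ = ',';
    *end++ = '\'';
    end += demo_escape(end, "binary data: \0\r\n", 16);  /* embedded NUL byte */
    *end++ = '\'';
    *end++ = ')';
    *end = '\0';
    return (unsigned long)(end - query);
}

int main(void)
{
    char query[1000];
    unsigned long len = build_query(query);
    /* Length from pointer arithmetic and strlen() agree: no NUL in output. */
    printf("%lu bytes, strlen %zu: %s\n", len, strlen(query), query);
    return 0;
}
```

Because the NUL in the second value becomes the two printable bytes `\` and `0`, the finished buffer contains no interior NUL and its `strlen()` matches `end - query`.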