List:MySQL++« Previous MessageNext Message »
From:Warren Young Date:April 18 2009 11:24pm
Subject:Re: mysqlpp::escape doesn't work?
View as plain text  
On Apr 18, 2009, at 4:14 PM, Torsten Schulz wrote:

> strbuf << "INSERT
> INTO filedata (fileid, fileversion, filedata, realfilename) VALUES ("
> << dbid << ", " << version << ", \"" <<
> mysqlpp::escape << fill << "\", '" <<
> dokumentFile->clientFileName() << "')";

The MySQL++ stream manipulators only work with Query.  They purposely  
do nothing when inserted into other types of IOstreams.

You can rewrite the central part of that snippet as:

	Query query = db->GetNullQuery();
	char *read_buffer = new char[blen];
	instrm.read(read_buffer, blen);
	query << "INSERT INTO filedata (fileid, fileversion, filedata,  
realfilename) "
		"VALUES (" << dbid << ',' << version << ',' <<
mysqlpp::escape <<
		mysqlpp::sql_varchar(read_buffer, blen) << ',' << mysqlpp::quote <<
		dokumentFile->clientFileName() << ')';
	query.exec();

You might be able to drop the mysqlpp::escape...the stream might auto- 
quote it, since it's string data.

>    Caused by exception:You have an error in your SQL syntax; check  
> the manual that corresponds to your MySQL server version for the  
> right syntax to use near '""?????' at line 1

When you get that exception, say something like:

	cerr << "BAD QUERY: " << query << endl;

so you can see what the problem is with the syntax.  You have to  
declare the Query object outside the try block to do that, of course.
Thread
mysqlpp::escape doesn't work?Torsten Schulz19 Apr
  • Re: mysqlpp::escape doesn't work?Warren Young19 Apr