Sorry if the post was long and perhaps a bit complicated
> Why do you expect results from the database to be escaped in your
> program's view of the returned data? I don't know what the MySQL IPC
> protocol looks like; there may be some escaping in it, but that's an
> implementation detail below even MySQL++. By the time the returned data
> get transformed into SSQLSes, any such escaping is removed.
>
> The only escaping you should be worrying about is that used to send data
> *to* the DBMS, and MySQL++ does some escaping for you already.
I do not expect the result from the database to be escaped, and it isn't:
the fetched element vector[x].prevhash contains the exact binary data from
the database.
Like you say, the escaping needs to be done when sending data (back) to the
DBMS, and that is not happening in the second case
(of course not when calling the function, but inside this function when
building the select query).
To recap in a simpler form:
1) Get the SSQLS filled with xxx.prevhash.assign(pointer to binary
data, length) and then doing:
q << "SELECT height FROM ChainBlocks WHERE hash=" <<
mysqlpp::quote << xxx.prevhash;
gets the correct query sent to the database (prevhash is quoted and
escaped)
2) Get the SSQLS filled from a select query like:
q << "SELECT * FROM ChainBlocks WHERE status<1";
q.storein(some vector y of ChainBlocks); (vector y gets
filled correctly with the stored binary data)
and then doing the exact same SELECT query as above with this vector
y:
q << "SELECT height FROM ChainBlocks WHERE hash=" <<
mysqlpp::quote <<< y[i].prevhash;
doesn't send the correct query: y[i].prevhash only gets quoted, not
escaped.
So the basic question is: why does the mysqlpp::quote manipulator decides in
the second case that only quoting is needed ?
