> I'm using MySQL 3.21.33b on UNIX and LINUX. I have read a document on
> the web called MySQL C API, which states that "you must ensure that you
> encode the values properly" - with mysql_escape_string() - when sending
> queries to the MySQL server. Is the C API function mysql_escape_string()
> really necessary to send queries to the MySQL server?
> For example, I have coded a small C program which inserts data into a
> table. The second attribute is a string (c_name), which is encased by
> single quotes. I have not used the mysql_escape_string() function to
> "encode the values properly".
> I have coded the following query:
> INSERT INTO customer(c_no, c_name) VALUES (1, 'Jaco Pastorius');
And if the customer's name is 'Tim O'Manion'?
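
The reply's point, worked through as an added example that is not part of the original thread: the same INSERT is built with and without escaping, and a small checker shows that the unescaped apostrophe ends the string literal early. `escape_sql_string()`, `quotes_balanced()` and `build_insert()` are hypothetical names; the escaper is a stand-in for `mysql_escape_string()` so the code runs without the MySQL client library.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for mysql_escape_string(): dst must hold 2*len+1
   bytes; returns the escaped length. Assumed set: NUL \n \r \ ' " Ctrl-Z. */
static size_t escape_sql_string(char *dst, const char *src, size_t len) {
    char *out = dst;
    for (size_t i = 0; i < len; i++) {
        char c = src[i], e = 0;
        switch (c) {
        case '\0': e = '0'; break;   case 26:   e = 'Z'; break;  /* Ctrl-Z */
        case '\n': e = 'n'; break;   case '\r': e = 'r'; break;
        case '\\': case '\'': case '"': e = c; break;
        }
        if (e) *out++ = '\\';        /* prefix special characters with a backslash */
        *out++ = e ? e : c;
    }
    *out = '\0';
    return (size_t)(out - dst);
}

/* Returns 1 if every '...' literal in sql is closed, honouring backslash escapes. */
static int quotes_balanced(const char *sql) {
    int in_str = 0;
    for (; *sql; sql++) {
        if (in_str && *sql == '\\' && sql[1]) { sql++; continue; }
        if (*sql == '\'') in_str = !in_str;
    }
    return !in_str;
}

/* Builds the INSERT from the post; escape != 0 escapes the name first. Returns length or -1. */
static int build_insert(char *buf, size_t cap, int c_no, const char *name, int escape) {
    char val[2 * 64 + 1];
    size_t n = strlen(name);
    if (n > 64) return -1;           /* keep the escaped value inside val[] */
    if (escape) escape_sql_string(val, name, n); else memcpy(val, name, n + 1);
    int w = snprintf(buf, cap,
        "INSERT INTO customer(c_no, c_name) VALUES (%d, '%s');", c_no, val);
    return (w < 0 || (size_t)w >= cap) ? -1 : w;
}

int main(void) {
    char q[256];
    for (int esc = 0; esc <= 1; esc++)   /* "Tim O'Manion" is the reply's sample name */
        if (build_insert(q, sizeof q, 2, "Tim O'Manion", esc) > 0)
            printf("%s -> %s\n", q, quotes_balanced(q) ? "well-formed" : "literal not closed");
    return 0;
}
```

In a real client the stand-in would be replaced by the library's own escaping call, with the destination buffer sized at twice the input length plus one.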