"Go" MySQL database--mysql_real_escape_string () function

MySQL database--mysql_real_escape_string () function

From: http://www.cppblog.com/woaidongmao/archive/2009/08/13/93154.html

unsigned long mysql_real_escape_string (MySQL *mysql, char *to, const char *from, unsigned long length)

Note that MySQL must be a valid open connection. It is required because the escape function depends on the character set used by the server.

Describe

This function is used to create a valid SQL string that can be used in SQL statements. See section 9.1, 1, "string".

Encodes the string in "from" as an escaped SQL string, according to the current character set of the connection. Place the result in "to" and add 1 null bytes for finalization. The encoded characters are nul (ASCII 0), ' \\n ', ' \\r ', ' \ \ ', ' ', ' ', and control-z (see section 9.1, "literal value"). (Strictly speaking, MySQL only needs backslashes and quote characters to refer to the strings in the escaped query.) The function can reference other characters, making them more readable in the log file.

The "from" string must be a length byte "long". The "to" buffer must be assigned at least length*2+1 bytes. In the worst case scenario, each character may need to be encoded with 2 bytes, and the null byte needs to be terminated. When mysql_real_escape_string () returns, the content of "to" is a null-terminated string. The return value is the length of the encoded string, not including the terminating null character.

If you need to change the character set of the connection, you should use the Mysql_set_character_set () function instead of executing the set NAMES (or set character set) statement. Mysql_set_character_set () works similarly to set NAMES, but it can also affect the character set used by Mysql_real_escape_string (), while set NAMES does not .

Example:

Char query[1000],*end;

End = Strmov (query, "INSERT into test_table values (");

*end++ = ' \ \ ';

End + = mysql_real_escape_string (&mysql, End, "What's This", 11);

*end++ = ' \ \ ';

*end++ = ', ';

*end++ = ' \ \ ';

End + = mysql_real_escape_string (&mysql, end, "Binary data: \\0\\r\\n", 16);

*end++ = ' \ \ ';

*end++ = ') ';

if (Mysql_real_query (&mysql,query, (unsigned int) (end-query)))

{

fprintf (stderr, "Failed to insert Row, Error:%s\\n",

Mysql_error (&mysql));

}

The Strmov () function used in this example is contained in the Mysqlclient library and works like strcpy (), but returns a pointer to the 1th parameter terminating with NULL.

return value

The length of the value that is placed in "to", excluding the terminating null character.

Error

No.

"Go" MySQL database--mysql_real_escape_string () function