How to escape strings in sql stmts

How to escape strings in sql stmts

Postby Guest » Tue 17 May 2005 13:04

Do you provide a method to escape strings (e.g. mysql_real_escape_string() ) I can use when constructing my own sql stmts.
Guest
 

Postby Serious » Tue 17 May 2005 13:23

We do not provide public method for string escaping.
Here is the simplest example of the string escaping in MySQL way.
Code: Select all
string EscapeString(string s)
{
   s = s.Replace("\", "\");
   s = s.Replace("\", "\");
   s = s.Replace("\"", "\"");
   s = s.Replace("`", "\`");
   s = s.Replace("ґ", "\ґ");
   s = s.Replace("’", "\’");
   s = s.Replace("‘", "\‘");
   return s;
}
Serious
 

Postby ca_cruiser » Tue 17 May 2005 13:36

If I use Parameters, are the strings escaped?
ca_cruiser
 
Posts: 13
Joined: Tue 17 May 2005 12:59

Postby Serious » Tue 17 May 2005 13:49

Parameters in the queries that MySQLDirect sends to server are escaped at every command execution, so you can safely send any string or binary data using our ADO .NET provider.
Serious
 

Postby ca_cruiser » Tue 24 May 2005 19:39

Cannot tell what the 5th replace statment is (\r)?

Serious wrote:We do not provide public method for string escaping.
Here is the simplest example of the string escaping in MySQL way.
Code: Select all
string EscapeString(string s)
{
   s = s.Replace("\", "\");
   s = s.Replace("\", "\");
   s = s.Replace(""", "\"");
   s = s.Replace("`", "\`");
   s = s.Replace("ґ", "\ґ");
   s = s.Replace("’", "\’");
   s = s.Replace("‘", "\‘");
   return s;
}
ca_cruiser
 
Posts: 13
Joined: Tue 17 May 2005 12:59

Postby Serious » Wed 25 May 2005 09:22

For more information about string escaping see MySQL Server sources (for example, mysys/charset.c file in v4.1.9)
Serious
 


Return to dotConnect for MySQL