How to escape strings in sql stmts

Discussion of open issues, suggestions and bugs regarding ADO.NET provider for MySQL
Guest

Post by Guest » Tue 17 May 2005 13:04

Do you provide a method to escape strings (e.g. mysql_real_escape_string()) I can use when constructing my own SQL stmts?

Serious

Post by Serious » Tue 17 May 2005 13:23

We do not provide a public method for string escaping.
Here is the simplest example of string escaping the MySQL way.

Code:

string EscapeString(string s)
{
	s = s.Replace("\", "\");
	s = s.Replace("\", "\");
	s = s.Replace("\"", "\"");
	s = s.Replace("`", "\`");
	s = s.Replace("ґ", "\ґ");
	s = s.Replace("’", "\’");
	s = s.Replace("‘", "\‘");
	return s;
}

ca_cruiser
Posts: 13
Joined: Tue 17 May 2005 12:59

Post by ca_cruiser » Tue 17 May 2005 13:36

If I use Parameters, are the strings escaped?

Serious

Post by Serious » Tue 17 May 2005 13:49

Parameters in the queries that MySQLDirect sends to the server are escaped at every command execution, so you can safely send any string or binary data using our ADO.NET provider.

ca_cruiser
Posts: 13
Joined: Tue 17 May 2005 12:59

Post by ca_cruiser » Tue 24 May 2005 19:39

Cannot tell what the 5th replace statement is (\r)?
Serious wrote: We do not provide a public method for string escaping.
Here is the simplest example of string escaping the MySQL way.

Code:

string EscapeString(string s)
{
	s = s.Replace("\", "\");
	s = s.Replace("\", "\");
	s = s.Replace(""", "\"");
	s = s.Replace("`", "\`");
	s = s.Replace("ґ", "\ґ");
	s = s.Replace("’", "\’");
	s = s.Replace("‘", "\‘");
	return s;
}

Serious

Post by Serious » Wed 25 May 2005 09:22

For more information about string escaping, see the MySQL Server sources (for example, the mysys/charset.c file in v4.1.9).
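
Added example, not part of the thread and not the provider's own code: a C# routine that escapes the characters MySQL's own string-escaping routine handles (NUL, LF, CR, backslash, both quote characters, Ctrl-Z), next to the parameterized form discussed above. The `users` table, its columns, the `:name` marker and the sample inputs are assumptions; the escaping is only meaningful inside a quoted literal, on a single-byte or UTF-8 connection with NO_BACKSLASH_ESCAPES off.

```csharp
using System;
using System.Data;
using System.Text;
static class EscapeDemo
{
    // Escapes the characters MySQL's own routine handles: NUL, LF, CR,
    // backslash, single quote, double quote and Ctrl-Z. Assumes a single-byte
    // or UTF-8 connection charset and that NO_BACKSLASH_ESCAPES is off.
    public static string EscapeString(string s)
    {
        var sb = new StringBuilder(s.Length + 8);
        foreach (char c in s)
        {
            switch (c)
            {
                case '\0':     sb.Append("\\0");  break;
                case '\n':     sb.Append("\\n");  break;
                case '\r':     sb.Append("\\r");  break;
                case '\\':     sb.Append("\\\\"); break;
                case '\'':     sb.Append("\\'");  break;
                case '"':      sb.Append("\\\""); break;
                case '\u001a': sb.Append("\\Z");  break;
                default:       sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // Parameterized form: the value is bound, never concatenated into SQL.
    // Table, column and ":name" marker are assumptions (marker syntax is provider-specific).
    public static IDbCommand FindUser(IDbConnection conn, string name)
    {
        IDbCommand cmd = conn.CreateCommand();
        cmd.CommandText = "SELECT id FROM users WHERE name = :name";
        IDbDataParameter p = cmd.CreateParameter();
        p.ParameterName = "name";
        p.Value = name;
        cmd.Parameters.Add(p);
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs. Quoted context: escaping keeps the value inside the literal.
        Console.WriteLine("... WHERE name = '" + EscapeString("O'Reilly\\") + "'");
        // Unquoted numeric context: nothing to escape, so the text passes through unchanged.
        Console.WriteLine("... WHERE id = " + EscapeString("0 OR 1=1"));
    }
}
```

The second line of output shows why hand-built statements still need type checks for non-string values, which bound parameters make unnecessary.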
