Page 1 of 1
How to escape strings in sql stmts
Posted: Tue 17 May 2005 13:04
by Guest
Do you provide a method to escape strings (e.g. mysql_real_escape_string() ) I can use when constructing my own sql stmts.
Posted: Tue 17 May 2005 13:23
by Serious
We do not provide public method for string escaping.
Here is the simplest example of the string escaping in MySQL way.
Code: Select all
string EscapeString(string s)
{
s = s.Replace("\", "\");
s = s.Replace("\", "\");
s = s.Replace("\"", "\"");
s = s.Replace("`", "\`");
s = s.Replace("ґ", "\ґ");
s = s.Replace("’", "\’");
s = s.Replace("‘", "\‘");
return s;
}
Posted: Tue 17 May 2005 13:36
by ca_cruiser
If I use Parameters, are the strings escaped?
Posted: Tue 17 May 2005 13:49
by Serious
Parameters in the queries that MySQLDirect sends to server are escaped at every command execution, so you can safely send any string or binary data using our ADO .NET provider.
Posted: Tue 24 May 2005 19:39
by ca_cruiser
Cannot tell what the 5th replace statment is (\r)?
Serious wrote:We do not provide public method for string escaping.
Here is the simplest example of the string escaping in MySQL way.
Code: Select all
string EscapeString(string s)
{
s = s.Replace("\", "\");
s = s.Replace("\", "\");
s = s.Replace(""", "\"");
s = s.Replace("`", "\`");
s = s.Replace("ґ", "\ґ");
s = s.Replace("’", "\’");
s = s.Replace("‘", "\‘");
return s;
}
Posted: Wed 25 May 2005 09:22
by Serious
For more information about string escaping see MySQL Server sources (for example, mysys/charset.c file in v4.1.9)