等具体研究完写篇完整的,现在只是作为一个标记,以免忘记mysql_real_escape_string函数。

mysql_real_escape_string()

unsigned long mysql_real_escape_string(MYSQL *mysql, char *to, const char *from, unsigned long length)

Note that mysql must be a valid, open connection. This is needed because the escaping depends on the character set in use by the server.

Description

This function is used to create a legal SQL string that you can use in an SQL statement. See Section9.1.1, “Strings”.

The string in from is encoded to an escaped SQL string, taking into account the current character set of the connection. The result is placed in to and a terminating null byte is appended. Characters encoded are NUL (ASCII 0), ‘/n’, ‘/r’, ‘/’, ‘'’, ‘"’, and Control-Z (see Section9.1, “Literal Values”). (Strictly speaking, MySQL requires only that backslash and the quote character used to quote the string in the query be escaped. This function quotes the other characters to make them easier to read in log files.)

The string pointed to by from must be length bytes long. You must allocate the to buffer to be at least length*2+1 bytes long. (In the worst case, each character may need to be encoded as using two bytes, and you need room for the terminating null byte.) When mysql_real_escape_string() returns, the contents of to is a null-terminated string. The return value is the length of the encoded string, not including the terminating null character.

If you need to change the character set of the connection, you should use the mysql_set_character_set() function rather than executing a SET NAMES (or SET CHARACTER SET) statement. mysql_set_character_set() works like SET NAMES but also affects the character set used by mysql_real_escape_string(), which SET NAMES does not.

Example 

char query[1000],*end;

end = strmov(query,"INSERT INTO test_table values(");
*end++ = '/'';
end += mysql_real_escape_string(&mysql, end,"What's this",11);
*end++ = '/'';
*end++ = ',';
*end++ = '/'';
end += mysql_real_escape_string(&mysql, end,"binary data: /0/r/n",16);
*end++ = '/'';
*end++ = ')';

if (mysql_real_query(&mysql,query,(unsigned int) (end - query)))
{
   fprintf(stderr, "Failed to insert row, Error: %s/n",
           mysql_error(&mysql));
}

The strmov() function used in the example is included in the mysqlclient library and works like strcpy() but returns a pointer to the terminating null of the first parameter.

Return Values

The length of the value placed into to, not including the terminating null character.

Errors

None.

更多相关文章

  1. mysql利用st_distance函数查询附近的点的功能
  2. mySql中SUBSTRING_INDEX函数用法
  3. 在H2数据库中插入时间——函数“PARSEDATETIME”未找到
  4. MySQL 运算符和函数
  5. 使用QSqlDatabase类的open函数导致程序崩溃
  6. 如何在php imap函数中看到看不见的电子邮件
  7. MySQL 自定义函数.txt
  8. hibernate(*.hbm.xml)中新添加的字段被标记为红色(找不到)的解决方法
  9. mysql 中使用聚合函数sum()后出现很长的小数

随机推荐

  1. PHP 生成随机红包算法
  2. 使用phpqrcode生成二维码
  3. php调试利器:FirePHP的安装与使用
  4. PHP Redis相关操作大全
  5. 高级PHP工程师必备的编码技巧及思维
  6. PHP的isset()、is_null、empty()使用总结
  7. PHP上传图片到数据库并显示
  8. PHP开发常见功能实现流程
  9. PHP 文字生成透明图片之路
  10. php技巧:在实例中调用 Invoke 类型的类