unsigned long mysql_real_escape_string(MYSQL *mysql, char *to, const char *from, unsigned long length)
Note that mysql must be a valid, open
connection. This is needed because the escaping depends on the
character set in use by the server.
Description
This function is used to create a legal SQL string that you can use in a SQL statement. See Section 9.1.1, “Strings”.
The string in from is encoded to an escaped SQL
string, taking into account the current character set of the
connection. The result is placed in to and a
terminating null byte is appended. Characters encoded are
NUL (ASCII 0), '\n',
'\r', '\',
''', '"', and Control-Z (see
Section 9.1, “Literal Values”). (Strictly speaking, MySQL requires
only that backslash and the quote character used to quote the
string in the query be escaped. This function quotes the other
characters to make them easier to read in log files.)
The string pointed to by from must be
length bytes long. You must allocate the
to buffer to be at least
length*2+1 bytes long. (In the worst case, each
character may need to be encoded using two bytes, and you need
room for the terminating null byte.) When
mysql_real_escape_string() returns, the contents
of to are a null-terminated string. The return
value is the length of the encoded string, not including the
terminating null character.
Example
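    char query[1000], *end;

    /* Build the statement in place; end always points at the next free byte. */
    end = strmov(query, "INSERT INTO test_table values(");
    *end++ = '\'';
    /* The length argument is the byte count of the source string. */
    end += mysql_real_escape_string(&mysql, end, "What's this", 11);
    *end++ = '\'';
    *end++ = ',';
    *end++ = '\'';
    /* 16 bytes, counting the embedded NUL, CR and LF. */
    end += mysql_real_escape_string(&mysql, end, "binary data: \0\r\n", 16);
    *end++ = '\'';
    *end++ = ')';

    /* Send the statement with an explicit length. */
    if (mysql_real_query(&mysql, query, (unsigned int) (end - query)))
    {
        fprintf(stderr, "Failed to insert row, Error: %s\n",
                mysql_error(&mysql));
    }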
The strmov() function used in the example is
included in the mysqlclient library and works
like strcpy() but returns a pointer to the
terminating null of the first parameter.
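The length*2+1 sizing rule worked through as an added example that is not part of the MySQL manual: demo_escape() is a hypothetical single-byte stand-in for mysql_real_escape_string() so the arithmetic runs without a server, and escape_alloc() is a hypothetical helper that allocates the worst-case buffer. The stand-in ignores the connection character set, so real code must still call mysql_real_escape_string() on an open connection.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in (assumption: single-byte character set). It escapes
   the characters the page lists, each as a backslash plus one byte. */
static unsigned long demo_escape(char *to, const char *from, unsigned long length)
{
    char *out = to;
    for (unsigned long i = 0; i < length; i++) {
        char esc = 0;
        switch (from[i]) {
        case '\0':   esc = '0';  break;
        case '\n':   esc = 'n';  break;
        case '\r':   esc = 'r';  break;
        case '\\':   esc = '\\'; break;
        case '\'':   esc = '\''; break;
        case '"':    esc = '"';  break;
        case '\032': esc = 'Z';  break;   /* Control-Z */
        }
        if (esc) { *out++ = '\\'; *out++ = esc; }
        else     { *out++ = from[i]; }
    }
    *out = '\0';                          /* terminating null byte */
    return (unsigned long)(out - to);     /* length without the null */
}

/* Hypothetical helper: allocate length*2+1 bytes as the page requires,
   refusing lengths for which that expression would wrap around. */
static char *escape_alloc(const char *from, unsigned long length, unsigned long *out_len)
{
    if (length > (ULONG_MAX - 1) / 2)
        return NULL;
    char *to = malloc(length * 2 + 1);
    if (to)
        *out_len = demo_escape(to, from, length);
    return to;
}

int main(void)
{
    unsigned long n = 0;
    /* Constructed input: the binary string from the page's example. */
    char *s = escape_alloc("binary data: \0\r\n", 16, &n);
    if (!s) return 1;
    printf("%lu bytes: %s\n", n, s);
    free(s);
    return 0;
}
```

An input made up entirely of characters that need escaping fills the buffer exactly: length*2 bytes of output plus the terminating null.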
Return Values
The length of the value placed into to, not
including the terminating null character.
Errors
None.
© 1995-2005 MySQL AB. All rights reserved.
