Menu

#5 mySql escape string

open
None
5
2024-03-25
2024-02-07
Jon Wolfers
No

Hi Mark,

mySql makes a function real_escape_string() available to api users, but for some reason not as far as I can see to query users.

I have always had a very simple equivalent written in rexx that does a few changestr on the query, but I have now become aware that what needs escaping changes from mySql version to version.

If it is not too much trouble, and without a sense of urgency it would be nice to have access to that function through rexx/sql

thanks Jon

Discussion

  • Mark Hessling

    Mark Hessling - 2024-03-25
    • assigned_to: Mark Hessling
     
  • Mark Hessling

    Mark Hessling - 2024-03-25

    Hi Jon,
    There are 2 ways I can implement this:
    1) Provide a MYEscapeString() function which calls mysql_real_escape_string() and returns the escaped string
    2) Add a SQLVariable() option to turn on "escaping" so that when a string value is passed to SQLCommand() or SQLExecute() as a bind variable it is escaped.

    Option 1 provides more flexibility for the user but adds an external function that is just for mySQL (not that there aren't other examples of this)
    Option 2 is neater, but enforces the escaping to be done for all string values and only for bind values. ie if you call SQLCommand '1i', 'insert into table1 values( "'myunescapedstring'")' no escaping is possible

    Preferences?

     

    Last edit: Mark Hessling 2024-03-25
  • Mark Hessling

    Mark Hessling - 2024-03-25

    I've given this a bit more thought and I think Option 1 is best. Disadvantage of Option 2 is that it would be slower.

     
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.