mySql escape string
An external Rexx function package to connect to SQL databases
Brought to you by:
rexx
Menu
▾
▴
#5 mySql escape string
Hi Mark,
mySql makes a function real_escape_string() available to api users, but for some reason not as far as I can see to query users.
I have always had a very simple equivalent written in rexx that does a few changestr on the query, but I have now become aware that what needs escaping changes from mySql version to version.
If it is not too much trouble, and without a sense of urgency it would be nice to have access to that function through rexx/sql
thanks Jon
Hi Jon,
There are 2 ways I can implement this:
1) Provide a MYEscapeString() function which calls mysql_real_escape_string() and returns the escaped string
2) Add a SQLVariable() option to turn on "escaping" so that when a string value is passed to SQLCommand() or SQLExecute() as a bind variable it is escaped.
Option 1 provides more flexibility for the user but adds an external function that is just for mySQL (not that there aren't other examples of this)
Option 2 is neater, but enforces the escaping to be done for all string values and only for bind values. ie if you call SQLCommand '1i', 'insert into table1 values( "'myunescapedstring'")' no escaping is possible
Preferences?
Last edit: Mark Hessling 2024-03-25
I've given this a bit more thought and I think Option 1 is best. Disadvantage of Option 2 is that it would be slower.