Mysql_real_escape_string() problem
Posted:
Fri Sep 11, 2020 1:01 pmby ricbarraes
Hello everyone,
I'm trying to call the mysql_real_escape_string() from both libmysql.dll and libmariadb.dll inside a webservice, but it's not working...
does anybody know what could be the problem??
cSQL:=mysql_real_escape_string(::pLib,::hConnection,cSQL)
function mysql_real_escape_string(pLib, hConnect, cQuery)
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG },;
hConnect, cQuery, cQuery, Len(cQuery)
Enviado do meu iPhone usando Tapatalk
Re: Mysql_real_escape_string() problem
Posted:
Fri Sep 11, 2020 5:03 pmby Antonio Linares
Ricardo,
Have you checked this note from the docs ?
https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-escape-string.htmlNote
mysql_real_escape_string() fails and produces an CR_INSECURE_API_ERR error if the NO_BACKSLASH_ESCAPES SQL mode is enabled. In this case, the function cannot escape quote characters except by doubling them, and to do this properly, it must know more information about the quoting context than is available. Instead, use mysql_real_escape_string_quote(), which takes an extra argument for specifying the quoting context.
What error do you get ?
Re: Mysql_real_escape_string() problem
Posted:
Sun Sep 13, 2020 1:25 amby ricbarraes
Hey Antonio! thanks for your answer...
Yes I checked the documentation but I didn't pay mucha attention to the return of the function...
I was assuming that they were returning the escaped string, but, in fact,- correct me if I'm wrong - the return is the length of the result string.
So I made a couple of changes like that:
- Code: Select all Expand view
mysql_real_escape_string_quote(::pLib,::hConnection,@cSQL)
::nRetVal := mysql_query( ::pLib, ::hConnection, cSQL )
function mysql_real_escape_string_quote(pLib, hConnect, cQuery)
return hb_DynCall( { "mysql_real_escape_string_quote", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG, HB_DYN_CTYPE_CHAR_PTR },;
hConnect, cQuery, cQuery, Len(cQuery),"'")
And now I'm not getting any error, the application is not crashing, but I don't know if the escape is really working because I'm getting NIL as a return from the mysql_real_escape_string_quote()...
Re: Mysql_real_escape_string() problem
Posted:
Sun Sep 13, 2020 2:03 amby ricbarraes
Never mind Antonio!
Everything is working properly right now!
Thank you so much, my friend
- Code: Select all Expand view
METHOD Escape(cParam)
LOCAL nTeste
if ! Empty( ::pLib )
::hMySQL = mysql_init(::pLib)
if ::hMySQL != 0
::hConnection = mysql_real_connect( ::pLib,::cHost, ::cUser, AP_GETENV( 'PASSWORDTEST' ), ::cSchema, ::nPort, ::hMySQL )
if ::hConnection != ::hMySQL
//? "Error on connection to server " + ::cHost,::hConnection , ::hMySQL
RETURN NIL
endif
endif
nTeste:=mysql_real_escape_string_quote(::pLib,::hConnection,@cParam)
?nTeste
mysql_close(::pLib,::hConnection)
else
? ::cLibName + " not available"
endif
RETURN cParam
function mysql_real_escape_string_quote(pLib, hConnect, cQuery)
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG, HB_DYN_CTYPE_CHAR_PTR },;
hConnect, @cQuery, cQuery, Len(cQuery), "'")
function mysql_real_escape_string(pLib, hConnect, cQuery)
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG },;
hConnect, @cQuery, cQuery, Len(cQuery))
