Mysql_real_escape_string() problem

mod_harbour is an Apache module that allows to run PRGs directly on the web !!!

Mysql_real_escape_string() problem

Postby ricbarraes » Fri Sep 11, 2020 1:01 pm

Hello everyone,

I'm trying to call the mysql_real_escape_string() from both libmysql.dll and libmariadb.dll inside a webservice, but it's not working...

does anybody know what could be the problem??


cSQL:=mysql_real_escape_string(::pLib,::hConnection,cSQL)


function mysql_real_escape_string(pLib, hConnect, cQuery)

return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG },;
hConnect, cQuery, cQuery, Len(cQuery)


Enviado do meu iPhone usando Tapatalk
Sds,
Ricardo Arraes
ricardo@vfatec.com.br
User avatar
ricbarraes
 
Posts: 55
Joined: Tue Jun 30, 2015 2:26 am
Location: Brazil

Re: Mysql_real_escape_string() problem

Postby Antonio Linares » Fri Sep 11, 2020 5:03 pm

Ricardo,

Have you checked this note from the docs ?

https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-escape-string.html

Note
mysql_real_escape_string() fails and produces an CR_INSECURE_API_ERR error if the NO_BACKSLASH_ESCAPES SQL mode is enabled. In this case, the function cannot escape quote characters except by doubling them, and to do this properly, it must know more information about the quoting context than is available. Instead, use mysql_real_escape_string_quote(), which takes an extra argument for specifying the quoting context.

What error do you get ?
regards, saludos

Antonio Linares
www.fivetechsoft.com
User avatar
Antonio Linares
Site Admin
 
Posts: 42122
Joined: Thu Oct 06, 2005 5:47 pm
Location: Spain

Re: Mysql_real_escape_string() problem

Postby ricbarraes » Sun Sep 13, 2020 1:25 am

Hey Antonio! thanks for your answer...

Yes I checked the documentation but I didn't pay mucha attention to the return of the function...
I was assuming that they were returning the escaped string, but, in fact,- correct me if I'm wrong - the return is the length of the result string.

So I made a couple of changes like that:

Code: Select all  Expand view  RUN
mysql_real_escape_string_quote(::pLib,::hConnection,@cSQL)
::nRetVal := mysql_query( ::pLib, ::hConnection, cSQL )    

function mysql_real_escape_string_quote(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string_quote", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG, HB_DYN_CTYPE_CHAR_PTR },;
hConnect, cQuery, cQuery,  Len(cQuery),"'")
 


And now I'm not getting any error, the application is not crashing, but I don't know if the escape is really working because I'm getting NIL as a return from the mysql_real_escape_string_quote()...
Sds,
Ricardo Arraes
ricardo@vfatec.com.br
User avatar
ricbarraes
 
Posts: 55
Joined: Tue Jun 30, 2015 2:26 am
Location: Brazil

Re: Mysql_real_escape_string() problem

Postby ricbarraes » Sun Sep 13, 2020 2:03 am

Never mind Antonio!

Everything is working properly right now!
Thank you so much, my friend


Code: Select all  Expand view  RUN
METHOD Escape(cParam)
   
   LOCAL nTeste
   if ! Empty( ::pLib )
      ::hMySQL = mysql_init(::pLib)      
         
      if ::hMySQL != 0
         ::hConnection = mysql_real_connect( ::pLib,::cHost, ::cUser, AP_GETENV( 'PASSWORDTEST' ), ::cSchema, ::nPort, ::hMySQL )
         
         if ::hConnection != ::hMySQL
            //? "Error on connection to server " + ::cHost,::hConnection , ::hMySQL
            RETURN NIL
         endif
      endif
     
      nTeste:=mysql_real_escape_string_quote(::pLib,::hConnection,@cParam)
      ?nTeste
           
      mysql_close(::pLib,::hConnection)
   else
      ? ::cLibName + " not available"    
   endif  


 RETURN cParam



function mysql_real_escape_string_quote(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG, HB_DYN_CTYPE_CHAR_PTR },;
hConnect, @cQuery, cQuery,  Len(cQuery), "'")

function mysql_real_escape_string(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG },;
hConnect, @cQuery, cQuery,  Len(cQuery))

 
Sds,
Ricardo Arraes
ricardo@vfatec.com.br
User avatar
ricbarraes
 
Posts: 55
Joined: Tue Jun 30, 2015 2:26 am
Location: Brazil

Re: Mysql_real_escape_string() problem

Postby Antonio Linares » Sun Sep 13, 2020 7:59 am

very good :-)
regards, saludos

Antonio Linares
www.fivetechsoft.com
User avatar
Antonio Linares
Site Admin
 
Posts: 42122
Joined: Thu Oct 06, 2005 5:47 pm
Location: Spain


Return to mod_harbour

Who is online

Users browsing this forum: No registered users and 4 guests