Efficiently escaping quotes in C before passing to mysql_query
  • Time: 2011-10-20 17:23:24
  • Tags: mysql, sql, c

In a nutshell, I usually build a MySQL query string in C using sprintf.

i.e.

sprintf(sqlcmd, "update foo set dog=\"lab\" where description=\"%s\"", some_desc);
mysql_query(some_conn, sqlcmd);

However, if some_desc is something like Crazy 5" Dog, then the MySQL server chokes, because it gets confused by the quote.

Is it best, within C, to scan some_desc replacing " with "", OR is there a function in MySql to wrap this better... i.e. description=string(Crazy 5" Dog) ?

Thanks!

Best answer

Although MySQL has a mysql_real_escape_string() function, you should probably be using prepared statements instead, which allow you to use ? placeholders instead of real parameters, and then bind them to the real parameters before each execution of the statement.

Answers

MySQL does do that for you.

I would write a simple escape function, like:

size_t escape_mysql_string(const char *input, size_t input_size,
   char *output, size_t output_size)
{
   unsigned long ipos; // position within input buffer
   unsigned long opos; // position within output buffer

   // quick check to verify output buffer is at least as large as input buffer
   if (output_size < (input_size + 2))
      return 0;

   // loop through input buffer
   opos = 0;
   for (ipos = 0; ((ipos < input_size) && (input[ipos])); ipos++)
   {
      // verify that output buffer has room for escaped input plus terminator
      if ((opos + 2) >= output_size)
      {
         output[opos] = '\0';
         return opos;
      }

      switch (input[ipos])
      {
         // escape ('\''), ('"'), ('\\'), ('%'), and ('_') characters
         case '\'':
         case '"':
         case '\\':
         case '%':
         case '_':
            output[opos] = '\\';
            opos++;
            output[opos] = input[ipos];
            break;

         // escape newlines
         case '\n':
            output[opos] = '\\';
            opos++;
            output[opos] = 'n';
            break;

         // escape carriage returns
         case '\r':
            output[opos] = '\\';
            opos++;
            output[opos] = 'r';
            break;

         // escape tabs
         case '\t':
            output[opos] = '\\';
            opos++;
            output[opos] = 't';
            break;

         // save unescaped input character
         default:
            output[opos] = input[ipos];
            break;
      }
      opos++;
   }

   output[opos] = '\0';
   return opos;
}

It would be called like this:

char some_escaped_desc[1024];
escape_mysql_string(some_desc, strlen(some_desc), some_escaped_desc, 1024);



