c:mysql:mysql.h:mysql_escape_string [2013/02/03 20:19] 127.0.0.1 external edit |
c:mysql:mysql.h:mysql_escape_string [2024/02/16 01:12] (current) |
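--- a/c:mysql:mysql.h:mysql_escape_string
+++ b/c:mysql:mysql.h:mysql_escape_string
@@ -1,11 +1,67 @@
 ====== mysql_escape_string ======
 <code c>
+unsigned long mysql_escape_string(MYSQL *mysql, char *to, const char *from, unsigned long length)
 </code>
 ==== description of mysql_escape_string ====
-mysql_escape_string is in work by code-reference.com \\
-if you are faster... don't hasitate and add it
+mysql_escape_string escape a mysql string\\
+" will be escaped
+; will not be escaped
+
+! [[c:mysql:mysql.h:mysql_escape_string|mysql_escape_string]] is outdated use [[c:mysql:mysql.h:mysql_real_escape_string|mysql_real_escape_string]] instead !
 <code c>
-no example at the moment
+#include <stdio.h> /* including standard library */
+#include <mysql/mysql.h>
+
+MYSQL *my;
+MYSQL_RES *result;
+int main( void ){
+char host[20];
+char user[20];
+char pass[20];
+
+// variables for escape
+char from[90];
+char query[90];
+char to[90];
+unsigned int length = 0;
+
+my = mysql_init(NULL);
+
+sprintf(host,"localhost");
+sprintf(user,"username");
+sprintf(pass,"password");
+
+if (my == NULL ) {
+printf("Cant initalisize MySQL\n");
+return 1;
+}
+
+if( mysql_real_connect (my,host,user,pass,NULL,0,NULL,0) == NULL) {
+printf("Error cant login\n");
+} else {
+printf("Login correct\n");
+}
+
+
+mysql_select_db(my, "test");
+
+// e.g. what the user send ... in this case a SQL injection
+sprintf(from, "user1 ; SELECT * FROM usertable WHERE userid = \"user2\"");
+
+
+length = strlen(from);
+
+mysql_escape_string(to, from, length);
+
+// new escaped string
+sprintf(query, "SELECT id FROM usertable WHERE user_id = \"%s\"; ",to);
+
+printf("%s\n",query);
+
+mysql_close(my);
+return 0;
+}
 </code>
 ===== output of mysql_escape_string c example =====
-no example at the moment
+Login correct
+SELECT id FROM usertable WHERE user_id = "user1 ; SELECT * FROM usertable WHERE userid = \"user2\""; 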
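Review bot: The added example overflows its own stack buffers: `mysql_escape_string` may emit up to `2*length+1` bytes, so `char to[90]` is undersized for a 90-byte `from`, and the final `sprintf(query, ...)` writes the roughly 100-character line shown in the output section into `char query[90]`. Declare the output as `char to[2 * sizeof from + 1];`, enlarge `query`, and build it with `snprintf(query, sizeof query, "SELECT id FROM usertable WHERE user_id = \"%s\"; ", to)` while checking the return value for truncation. The prototype in the first `<code c>` block takes `MYSQL *mysql` as a leading argument — that is the four-argument `mysql_real_escape_string` signature the page recommends — yet the call `mysql_escape_string(to, from, length)` passes three arguments, so one of the two should be corrected; the missing connection handle is exactly why the three-argument form cannot honour the connection charset and is deprecated. Separately, the `mysql_real_connect` failure branch only prints a message and then continues into `mysql_select_db` on an unusable handle, so add `return 1;` there, and `strlen` needs `#include <string.h>`.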