Mysql_real_escape_string() problem

[ricbarraes]

Hello everyone,

I'm trying to call the mysql_real_escape_string() from both libmysql.dll and libmariadb.dll inside a webservice, but it's not working...

does anybody know what could be the problem??


cSQL:=mysql_real_escape_string(::pLib,::hConnection,cSQL)


function mysql_real_escape_string(pLib, hConnect, cQuery)

return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG },;
hConnect, cQuery, cQuery, Len(cQuery)


Enviado do meu iPhone usando Tapatalk

[Antonio Linares]

Ricardo,

Have you checked this note from the docs ?

https://dev.mysql.com/doc/c-api/8.0/en/ ... tring.html

Note
mysql_real_escape_string() fails and produces an CR_INSECURE_API_ERR error if the NO_BACKSLASH_ESCAPES SQL mode is enabled. In this case, the function cannot escape quote characters except by doubling them, and to do this properly, it must know more information about the quoting context than is available. Instead, use mysql_real_escape_string_quote(), which takes an extra argument for specifying the quoting context.

What error do you get ?

[ricbarraes]

Hey Antonio! thanks for your answer...

Yes I checked the documentation but I didn't pay mucha attention to the return of the function...
I was assuming that they were returning the escaped string, but, in fact,- correct me if I'm wrong - the return is the length of the result string.

So I made a couple of changes like that:

Code: Select all

mysql_real_escape_string_quote(::pLib,::hConnection,@cSQL)
::nRetVal := mysql_query( ::pLib, ::hConnection, cSQL )     

function mysql_real_escape_string_quote(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string_quote", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG, HB_DYN_CTYPE_CHAR_PTR },;
hConnect, cQuery, cQuery,  Len(cQuery),"\'")
 

And now I'm not getting any error, the application is not crashing, but I don't know if the escape is really working because I'm getting NIL as a return from the mysql_real_escape_string_quote()...

[ricbarraes]

Never mind Antonio!

Everything is working properly right now!
Thank you so much, my friend

Code: Select all

METHOD Escape(cParam)
   
   LOCAL nTeste
   if ! Empty( ::pLib )
      ::hMySQL = mysql_init(::pLib)       
         
      if ::hMySQL != 0
         ::hConnection = mysql_real_connect( ::pLib,::cHost, ::cUser, AP_GETENV( 'PASSWORDTEST' ), ::cSchema, ::nPort, ::hMySQL )
         
         if ::hConnection != ::hMySQL
            //? "Error on connection to server " + ::cHost,::hConnection , ::hMySQL
            RETURN NIL
         endif
      endif 
      
      nTeste:=mysql_real_escape_string_quote(::pLib,::hConnection,@cParam)
      ?nTeste
            
      mysql_close(::pLib,::hConnection)
   else
      ? ::cLibName + " not available"     
   endif   


 RETURN cParam



function mysql_real_escape_string_quote(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG, HB_DYN_CTYPE_CHAR_PTR },;
hConnect, @cQuery, cQuery,  Len(cQuery), "\'")

function mysql_real_escape_string(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG },;
hConnect, @cQuery, cQuery,  Len(cQuery))

 

[Antonio Linares]

very good