FiveTech Support Forums

FiveWin / Harbour / xBase community
Board indexAll discussionsLogin (GitHub)
Board index mod_harbour Mysql_real_escape_string() problem
ricbarraes
Posts: 55
Joined: Tue Jun 30, 2015 02:26 AM
Mysql_real_escape_string() problem
Posted: Fri Sep 11, 2020 01:01 PM

Hello everyone,

I'm trying to call the mysql_real_escape_string() from both libmysql.dll and libmariadb.dll inside a webservice, but it's not working...

does anybody know what could be the problem??

cSQL:=mysql_real_escape_string(::pLib,::hConnection,cSQL)

function mysql_real_escape_string(pLib, hConnect, cQuery)

return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG },;
hConnect, cQuery, cQuery, Len(cQuery)

Enviado do meu iPhone usando Tapatalk

Sds,
Ricardo Arraes
ricardo@vfatec.com.br
Antonio Linares
Posts: 44158
Joined: Thu Oct 06, 2005 05:47 PM
Re: Mysql_real_escape_string() problem
Posted: Fri Sep 11, 2020 05:03 PM
Ricardo,

Have you checked this note from the docs ?

https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-escape-string.html

Note
mysql_real_escape_string() fails and produces an CR_INSECURE_API_ERR error if the NO_BACKSLASH_ESCAPES SQL mode is enabled. In this case, the function cannot escape quote characters except by doubling them, and to do this properly, it must know more information about the quoting context than is available. Instead, use mysql_real_escape_string_quote(), which takes an extra argument for specifying the quoting context.

What error do you get ?
regards, saludos

Antonio Linares
www.fivetechsoft.com
ricbarraes
Posts: 55
Joined: Tue Jun 30, 2015 02:26 AM
Re: Mysql_real_escape_string() problem
Posted: Sun Sep 13, 2020 01:25 AM
Hey Antonio! thanks for your answer...

Yes I checked the documentation but I didn't pay mucha attention to the return of the function...
I was assuming that they were returning the escaped string, but, in fact,- correct me if I'm wrong - the return is the length of the result string.

So I made a couple of changes like that:

Code (fw): Select all Collapse
mysql_real_escape_string_quote(::pLib,::hConnection,@cSQL)
::nRetVal := mysql_query( ::pLib, ::hConnection, cSQL )     

function mysql_real_escape_string_quote(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string_quote", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG, HB_DYN_CTYPE_CHAR_PTR },;
hConnect, cQuery, cQuery,  Len(cQuery),"\'")


And now I'm not getting any error, the application is not crashing, but I don't know if the escape is really working because I'm getting NIL as a return from the mysql_real_escape_string_quote()...
Sds,
Ricardo Arraes
ricardo@vfatec.com.br
ricbarraes
Posts: 55
Joined: Tue Jun 30, 2015 02:26 AM
Re: Mysql_real_escape_string() problem
Posted: Sun Sep 13, 2020 02:03 AM
Never mind Antonio!

Everything is working properly right now!
Thank you so much, my friend


Code (fw): Select all Collapse
METHOD Escape(cParam)
   
   LOCAL nTeste
   if ! Empty( ::pLib )
      ::hMySQL = mysql_init(::pLib)       
         
      if ::hMySQL != 0
         ::hConnection = mysql_real_connect( ::pLib,::cHost, ::cUser, AP_GETENV( 'PASSWORDTEST' ), ::cSchema, ::nPort, ::hMySQL )
         
         if ::hConnection != ::hMySQL
            //? "Error on connection to server " + ::cHost,::hConnection , ::hMySQL
            RETURN NIL
         endif
      endif 
      
      nTeste:=mysql_real_escape_string_quote(::pLib,::hConnection,@cParam)
      ?nTeste
            
      mysql_close(::pLib,::hConnection)
   else
      ? ::cLibName + " not available"     
   endif   


 RETURN cParam



function mysql_real_escape_string_quote(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG, HB_DYN_CTYPE_CHAR_PTR },;
hConnect, @cQuery, cQuery,  Len(cQuery), "\'")

function mysql_real_escape_string(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG },;
hConnect, @cQuery, cQuery,  Len(cQuery))
Sds,
Ricardo Arraes
ricardo@vfatec.com.br
Antonio Linares
Posts: 44158
Joined: Thu Oct 06, 2005 05:47 PM
Re: Mysql_real_escape_string() problem
Posted: Sun Sep 13, 2020 07:59 AM

very good :-)

regards, saludos

Antonio Linares
www.fivetechsoft.com

Continue the discussion

Static archive · New replies & topics via GitHub Discussions