On Aug 26, 2011, at 2:02 AM, Glenn L. Austin wrote:

> 
> On Aug 25, 2011, at 2:03 PM, Alexander Reichstadt wrote:
> 
>> Hi,
>> 
>> Thank you for your many responses.
>> 
>>>  const char *cstr = [s UTF8String];
>>>  mysql_stmt_prepare(myStatement, cstr, strlen(cstr));
>> 
>> 
>> This fixed the bug. 
>> 
>> Alexander
> 
> Just in case the string has a NULL character, I'd use:

This is an interesting point. However, I would first consult the MySQL 
documentation on how it handles UTF-8. 

Unicode NULL (U+0000) isn't the only Unicode scalar value which should be 
rejected by a database engine when encountered in the command string. For 
instance, any Unicode noncharacter and possibly control characters (U+0001 to 
U+001F) should not be accepted. It may allow Unicode NULL in string data, 
though, but usually not.

Only if the database engine lacks proper handling of Unicode sequences itself 
(which I don't think is true), and which in turn may cause security issues, I 
would preprocess the input and reject it as a whole when something is bogus.




> 
> NSData *data = [s dataUsingEncoding:NSUTF8StringEncoding];
> mysql_stmt_prepare(myStatement, [data bytes], [data length]);
> 
> Of course, if you *did* have a NULL character in your string, then the 
> mysql_stmt_prepare would probably barf at some point.  You could use the 
> comparison of strlen() and [data length] to make sure that you're not passing 
> a NULL.
> 
> -- 
> Glenn L. Austin, Computer Wizard and Race Car Driver         <><
> <http://www.austin-soft.com>
> 
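The checks discussed in this thread (embedded NUL, control characters, noncharacters, rejecting the input as a whole), as an added C example that is not code from any of the posters. The function and enum names are hypothetical, and keeping tab, LF and CR legal is this example's assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result of checking a statement buffer (names are this example's own). */
enum sql_text_status { SQL_TEXT_OK, SQL_TEXT_NUL, SQL_TEXT_CONTROL,
                       SQL_TEXT_NONCHARACTER, SQL_TEXT_MALFORMED };

/* Decode one UTF-8 sequence strictly; returns bytes consumed, 0 if malformed. */
static size_t decode_utf8(const unsigned char *p, size_t left, uint32_t *cp)
{
    static const uint32_t min_cp[] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t n, i;
    if (p[0] < 0x80) { *cp = p[0]; return 1; }
    else if ((p[0] & 0xE0) == 0xC0) { n = 2; *cp = p[0] & 0x1F; }
    else if ((p[0] & 0xF0) == 0xE0) { n = 3; *cp = p[0] & 0x0F; }
    else if ((p[0] & 0xF8) == 0xF0) { n = 4; *cp = p[0] & 0x07; }
    else return 0;
    if (n > left) return 0;
    for (i = 1; i < n; i++) {
        if ((p[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (p[i] & 0x3F);
    }
    /* Reject overlong forms, surrogates and values past U+10FFFF. */
    if (*cp < min_cp[n] || *cp > 0x10FFFF || (*cp >= 0xD800 && *cp <= 0xDFFF))
        return 0;
    return n;
}

/* Check all len bytes (not just up to the first NUL) and reject as a whole. */
enum sql_text_status check_sql_text(const void *bytes, size_t len)
{
    const unsigned char *p = bytes;
    size_t i = 0, n;
    uint32_t cp;
    /* Bounded equivalent of comparing strlen() with [data length]. */
    if (memchr(p, 0, len) != NULL) return SQL_TEXT_NUL;
    while (i < len) {
        if ((n = decode_utf8(p + i, len - i, &cp)) == 0) return SQL_TEXT_MALFORMED;
        /* Assumption: tab, LF and CR stay legal so multi-line SQL passes. */
        if (cp < 0x20 && cp != '\t' && cp != '\n' && cp != '\r')
            return SQL_TEXT_CONTROL;
        if ((cp >= 0xFDD0 && cp <= 0xFDEF) || (cp & 0xFFFE) == 0xFFFE)
            return SQL_TEXT_NONCHARACTER;
        i += n;
    }
    return SQL_TEXT_OK;
}
```

Call it on `[data bytes]` and `[data length]` and hand the buffer to `mysql_stmt_prepare` only when it returns `SQL_TEXT_OK`.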
_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
