> sprintf(szQuery,"Insert into mytable(mycol)values '%s' ",
>                           mydata);
> where mydata is a C variable containing a large text item
>
> The problem occurs when mydata contains a single quote, then that single
> quote is taken as the end of the column value by the MySQL parser and the
> data after the quote is ignored resulting in an error.

use:

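    /* unsigned int mysql_real_escape_string(MYSQL *mysql, char *to,
       const char *from, unsigned int length) */
    /* szEscaped: a separate buffer of at least strlen(mydata)*2+1 bytes */
    mysql_real_escape_string(ms, szEscaped, mydata, strlen(mydata));

then:

    /* format from the escaped copy; source and destination must not overlap */
    sprintf(szQuery, "INSERT INTO mytable(mycol) VALUES ('%s')", szEscaped);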

as stated from:

    http://www.mysql.com/doc/m/y/mysql_real_escape_string.html

--
Aigars
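
The escape-then-format sequence from the reply above, as an added example that is not part of the original message: it sizes the escape buffer for the worst case and rejects a truncated query. `build_insert` and `demo_escape` are hypothetical names; `demo_escape` is a stand-in for `mysql_real_escape_string()` so the code runs without a server, and the input string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for mysql_real_escape_string(): same (to, from, length) shape and
   worst-case 2*length+1 output, but not character-set aware. Demo use only. */
static unsigned long demo_escape(char *to, const char *from, unsigned long length)
{
    char *out = to;
    for (unsigned long i = 0; i < length; i++) {
        char c = from[i], e = 0;
        switch (c) {
        case '\0': e = '0'; break;
        case '\n': e = 'n'; break;
        case '\r': e = 'r'; break;
        case 26:   e = 'Z'; break;                 /* Ctrl-Z */
        case '\\': case '\'': case '"': e = c; break;
        }
        if (e) { *out++ = '\\'; *out++ = e; }
        else   { *out++ = c; }
    }
    *out = '\0';
    return (unsigned long)(out - to);
}

/* Hypothetical helper: builds the INSERT into query[0..query_size).
   Returns the query length, or -1 on allocation failure or truncation. */
int build_insert(char *query, size_t query_size, const char *mydata)
{
    size_t len = strlen(mydata);
    char *escaped = malloc(len * 2 + 1);      /* worst case: every byte escaped */
    if (escaped == NULL)
        return -1;
    demo_escape(escaped, mydata, (unsigned long)len);
    int n = snprintf(query, query_size,
                     "INSERT INTO mytable(mycol) VALUES ('%s')", escaped);
    free(escaped);
    if (n < 0 || (size_t)n >= query_size)     /* a cut-off query must not be sent */
        return -1;
    return n;
}

int main(void)
{
    char szQuery[256];
    if (build_insert(szQuery, sizeof szQuery, "it's a test") >= 0)  /* constructed input */
        puts(szQuery);
    return 0;
}
```

With the real client library, replace the `demo_escape` call with `mysql_real_escape_string(ms, escaped, mydata, len)`; the buffer sizing and truncation check stay the same.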



