Example for using mysql_real_escape_string()

[tewari68]

Hi,
I want to escape any special characters in the input field before inserting the data into mysql tables in C++.
I know we can use

mysql_real_escape_string()

function, however I am unsure how to use it, can anybody point me to any examples on this, or write me an example regarding what parameters this function takes and how to use this function.
Thanks,
Tewari

 

[TonyGroves]

It's described here:

http://dev.mysql.com/doc/mysql/en/mysql-real-escape-string.html

 

[tewari68]

Hi TonyGroves,
I figured out how to use the mysql_real_escape_string(). I use it as follows

char * S;

 mysql_real_escape_string(conn, S, m_headerSubject.c_str(), m_headerSubject.length());
  m_headerSubject = m_headerSubject.assign(S);

after this I call the routine which updates the database and enters the record in the table, however when I use mysql_real_escape_string() function, I start getting segmentation fault error, if I remove the above routine, everything works fine, do you have any idea why this is happening.
Appreciate any help.
Thanks,

 

[TonyGroves]

Did you allocate any memory for the output buffer (pointed to by S)? The manual says that you need at least 2*inputlength+1 bytes.

 

[tewari68]

Hi TonyGroves,
Sorry for the late reply, I was not allocating the memory for the output buffer, now it works fine, however I noticed that this function does not work 100% of the time, it breaks randomly some of the times, can you suggest why this happens or is there any other alternative to this function.
Thanks,
Tewari

 

[TonyGroves]

If your original string is properly escaped, then you won't need to use any conversion function at all.

 

[tewari68]

I most of the cases the string is properly escaped and everything works fine but I have observed in some cases my prog. is executed till the point where I am calling this function and then breaks, suggesting that there is some wrong in using this function.

what will be the effect of the character set being used in the open connection.

If I remove the function, the prog. works fine 100% of the time, though the strings requiring escape sequence are not entered into the database.

 

[TonyGroves]

I don't see any reason why this function wouldn't work for you. It's used by millions of people around the world every day. Maybe you should check your program code.

 

[tewari68]

here is the code
I extract the subject field from an incoming message and then log it into the database.

// Escaping special characters in the Subject field
        char * S = new char[strlen(m_headerSubject.c_str())*3 +1];
        mysql_real_escape_string(conn, S, m_headerSubject.c_str(), m_headerSubject.length());
        m_headerSubject = m_headerSubject.assign(S);

Please let me know if I am doing something wrong here.
Thanks

 

[TonyGroves]

That looks OK.
If you wanted, you could replace the last line with[tt]
m_headerSubject=S;[/tt]

What errors are you getting?

 

[tewari68]

Not getting any errors, the program just exits out at the point where I am using this function, in the debug routine also I can't see any errors.
I will change the last line and see if that makes any difference, though that shouldn't.
Let you know.
Thanks