Re: [NEWBIE] Escaping (') from strings

From: Mike Stilson (
Date: 09/01/01

On Sat, Sep 01, 2001 at 10:52:04PM +0200, Artovil wrote:
>At 16:46 2001-09-01 -0400, you wrote:
>>Did you bother with mysql_escape()?
>> >I don't know how to do it properly.
>>see the texinfo on that function.
>Well, I just assumed that those functions were called through the API and
>the MySQL server, which could slow them down a little depending on the load
>on the MySQL server, especially if I escaped a lot of strings at the same
>time, am I right?  That is why I wanted to make my own.  That would be
>better, server load-wise, as well as performance-wise for the mud server,
>am I right?

That's a library call, not an action taken by the sql server.
The worst part of it is the size of the destination buffer, which if
you're doing one large write as I do for the playerfiles, can, I suppose
be somewhat large.  (strlen(in_buf) * 2 + 1) to be exact.

I did something like (pseudo-mailer-code-from-memory)

(this define's just to save me some typing)
#define sql_esc(from, to) do { \
    if (from) mysql_real_escape_string(&mysql, to, from, strlen(from)); \
    else (to)[0] = '\0'; \
  } while (0)

char *query, *esc_targ1, *esc_targ2;

esc_targ1 = (char *)malloc(strlen(var1)*2+1);
sql_esc(var1, esc_targ1);

esc_targ2 = (char *)malloc(strlen(var2)*2+1);
sql_esc(var2, esc_targ2);
/* asprintf() allocates query itself, so pass its address; free(query) once the query has run */
asprintf(&query, "(the whole format string for the query)",
        var1, var2, var3, esc_targ1, esc_targ2);

(of course they go where appropriate).

free(esc_targ1); free(esc_targ2);

The only load on the server comes when you actually perform the
mysql_real_query() command.
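
The (strlen(in_buf) * 2 + 1) sizing and the NULL check from the post above, as an added example that is not part of the original post. esc_bytes() and esc_alloc() are hypothetical names; esc_bytes() is a stand-in that applies the same escape set as mysql_real_escape_string() so the block runs without the MySQL client library, and it is not character-set aware the way the real call is.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for mysql_real_escape_string(): same escape set (NUL, \n, \r,
 * backslash, ', ", Ctrl-Z) but NOT character-set aware. Writes at most
 * 2*len + 1 bytes to `to` and returns the escaped length. */
static size_t esc_bytes(char *to, const char *from, size_t len)
{
    char *out = to;
    for (size_t i = 0; i < len; i++) {
        char c = from[i], e = 0;
        switch (c) {
        case '\0':   e = '0'; break;
        case '\n':   e = 'n'; break;
        case '\r':   e = 'r'; break;
        case '\x1a': e = 'Z'; break;
        case '\\': case '\'': case '"': e = c; break;
        }
        if (e) { *out++ = '\\'; *out++ = e; }   /* escaped byte: 1 -> 2 */
        else   { *out++ = c; }
    }
    *out = '\0';                                /* the "+ 1" in the sizing */
    return (size_t)(out - to);
}

/* Hypothetical helper: allocate the worst case, then escape. NULL input
 * yields an empty string, so strlen() is never called on NULL.
 * The caller frees the result. */
static char *esc_alloc(const char *from)
{
    size_t len = from ? strlen(from) : 0;
    char *to = malloc(len * 2 + 1);
    if (to)
        esc_bytes(to, from ? from : "", len);
    return to;
}

int main(void)
{
    const char *name = "O'Brien \\ \"quoted\"";  /* constructed sample input */
    char *safe = esc_alloc(name);
    char *worst = esc_alloc("''''");             /* every byte doubles */
    if (!safe || !worst) return 1;
    printf("%s\n%s (%zu bytes)\n", safe, worst, strlen(worst));
    free(safe); free(worst);
    return 0;
}
```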



This archive was generated by hypermail 2b30 : 12/06/01 PST