Re: [CODE] calling char function from sprintf

From: George Greer (
Date: 09/05/01

On Wed, 5 Sep 2001, Artovil wrote:

>Well, I thought about mysql_real_escape_string() as well before I
>emailed, but to structure a query that has 68 columns in that manner
>would take a bzillion lines of code.  Are you sure that this is the only
>way to do it?  I can't use the sprintf?

68 columns you're searching by or retrieving?  If you're really searching
by 68 columns something is very wrong. If you're retrieving, then the SQL
database should unquote it for you.

>Which is best, to do the 68 column query with mysql_real_escape_string()
>and have about 136 *end++='\'' and 67 *end++=',' in there, or to use 68
>temporary chars and just use sprintf() to put it all together?

The '*end++' stuff in the example was to add some escape characters for

>What if I had to loop something over, like player affects, and
>concatenated insert strings together, and then ran that query?  Which
>option would be best then?


  strcpy(query, "SELECT ...");  // start it
  mysql_real_escape_string(handle, temp, quoteme, strlen(quoteme));
  strcat(query, temp);

However, the correct answer for 68 query items is probably Don'tDoThat(tm).

>And why is it so hard to use some kind of function inside a sprintf that
>strips the ' and replaces them with \' instead?  The one I had was
>obviously wrong, but you never said what was wrong with it or why, you
>just said it was due to lack of understanding static.  That answer would
>make sense if I actually DID understand static, but since I don't, you
>know where this is all going...

Only one static buffer exists by that name so your calls clobber each
other. You need either a master temporary buffer or 68 little ones for

George Greer

   | FAQ: |
   | Archives: |

This archive was generated by hypermail 2b30 : 12/06/01 PST