Difference between revisions of "OpenDBX/C API/odbx escape"
From Linuxnetworks
Older revision (edit summary: "see also") vs. newer revision (edit summary: "header")

Line 1, older revision:

    __NOTOC__
    int odbx_escape(
        odbx_t* handle,
        const char* from,
        unsigned long fromlen,
        char* to,
        unsigned long* tolen )
    = Description: =

Line 1, newer revision:

    __NOTOC__
    '''#include <odbx.h>'''

    int '''odbx_escape'''(
        odbx_t* '''handle''',
        const char* '''from''',
        unsigned long '''fromlen''',
        char* '''to''',
        unsigned long* '''tolen''' )
    = Description: =
Revision as of 00:07, 15 February 2007
    #include <odbx.h>

    int odbx_escape(
        odbx_t* handle,
        const char* from,
        unsigned long fromlen,
        char* to,
        unsigned long* tolen )
Description:
Escapes a string so it can be used in an SQL statement. For security reasons, every user input has to be passed to odbx_escape() to avoid SQL injection attacks, which can have fatal consequences. It's also a good idea to escape strings returned from database fields again if you want to use them in a query, since they don't stay escaped.
Most backends require the output buffer to be more than twice as long as the input string. To be precise, the output buffer must be 2 * size of input + 1 bytes long. On success, the escaped form of the string in "from" is written into "to", and the value-result parameter "tolen" is updated to the new length of "to".
Parameters:
- handle: Connection object created by odbx_init()
- from: String to escape
- fromlen: Length of the string in "from" without terminating \0 character
- to: Buffer for storing the escaped string
- tolen: Pointer to the size of the "to" buffer; on success it is set to the length of the escaped string
Return values:
- ODBX_ERR_SUCCESS on success
- Less than zero if an error occurred
Errors:
- -ODBX_ERR_BACKEND: An error in the backend occurred
- -ODBX_ERR_PARAM: One of the parameters is NULL or handle is invalid
- -ODBX_ERR_SIZE: The length of a string exceeded the buffer size (before 1.1.4 it's ODBX_ERR_TOOLONG)
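The calling contract described above (a buffer of 2 * input length + 1 bytes, "tolen" as a value-result parameter, negative -ODBX_ERR_* codes on failure), shown as an added example that is not part of the OpenDBX documentation or source. Because it has to build without libodbx, demo_escape() is a constructed stand-in with the same signature and return convention as odbx_escape() that simply doubles single quotes; real backends escape differently. The wrapper escape_for_query() is written against the documented signature, so in a program built with odbx.h the real odbx_escape would be passed in its place. The typedef of odbx_t and the ODBX_ERR_* values are placeholders assumed for this stand-alone build; the real definitions come from odbx.h.

```c
/* Added example illustrating the odbx_escape() calling contract.
 * Not OpenDBX code: demo_escape() is a constructed stand-in. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Placeholders for what odbx.h provides (assumed for this stand-alone build). */
typedef struct odbx_t odbx_t;
#define ODBX_ERR_SUCCESS 0
#define ODBX_ERR_BACKEND 1
#define ODBX_ERR_PARAM   2
#define ODBX_ERR_SIZE    3

/* The documented signature of odbx_escape(). */
typedef int (*odbx_escape_fn)(odbx_t*, const char*, unsigned long, char*, unsigned long*);

/* Constructed stand-in: same contract as odbx_escape(), escaping only by
 * doubling single quotes. "tolen" is the buffer size on entry and the
 * escaped length on success; errors are returned as negative ODBX codes. */
static int demo_escape(odbx_t* handle, const char* from, unsigned long fromlen,
                       char* to, unsigned long* tolen)
{
    (void)handle;                      /* the stand-in needs no connection */
    if (from == NULL || to == NULL || tolen == NULL)
        return -ODBX_ERR_PARAM;

    unsigned long out = 0;
    for (unsigned long i = 0; i < fromlen; i++) {
        unsigned long need = (from[i] == '\'') ? 2 : 1;
        if (out + need + 1 > *tolen)   /* always keep room for the terminating \0 */
            return -ODBX_ERR_SIZE;
        if (from[i] == '\'')
            to[out++] = '\'';
        to[out++] = from[i];
    }
    to[out] = '\0';
    *tolen = out;
    return ODBX_ERR_SUCCESS;
}

/* Escape "input" into a freshly allocated buffer sized by the page's rule,
 * 2 * input length + 1 bytes. Returns the escaped string, or NULL with
 * *err set to the negative ODBX error code. */
char* escape_for_query(odbx_escape_fn escape, odbx_t* handle, const char* input, int* err)
{
    unsigned long fromlen = (unsigned long)strlen(input);
    unsigned long tolen = 2 * fromlen + 1;   /* worst case: every byte doubled, plus \0 */
    char* to = malloc(tolen);
    if (to == NULL) {
        *err = -ODBX_ERR_SIZE;               /* allocation failed; reported as a size error here */
        return NULL;
    }
    int rc = escape(handle, input, fromlen, to, &tolen);
    if (rc < 0) {
        free(to);
        *err = rc;
        return NULL;
    }
    *err = ODBX_ERR_SUCCESS;
    return to;                               /* tolen now equals strlen(to) */
}

/* Build a statement from an already escaped value. Returns the length the
 * statement needed, as snprintf does, so a truncated result is detectable. */
int build_select(char* buf, size_t bufsize, const char* escaped_name)
{
    return snprintf(buf, bufsize, "SELECT id FROM users WHERE name = '%s'", escaped_name);
}

int main(void)
{
    const char* user_input = "O'Brien";      /* constructed sample input */
    int err = 0;
    char* escaped = escape_for_query(demo_escape, NULL, user_input, &err);
    if (escaped == NULL) {
        fprintf(stderr, "escape failed: %d\n", err);
        return 1;
    }
    char stmt[128];
    build_select(stmt, sizeof stmt, escaped);
    printf("%s\n", stmt);                    /* the quote in the name no longer closes the literal */
    free(escaped);
    return 0;
}
```

The same wrapper also covers the page's second point: a value read back from a result set is plain text again, so it goes through escape_for_query() once more before being placed in a new statement.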