Revision as of 20:02, 9 March 2007

#include <odbx.h>

int odbx_escape(
    odbx_t* handle,
    const char* from,
    unsigned long fromlen,
    char* to,
    unsigned long* tolen ) 

Description

odbx_escape() neutralizes potentially dangerous characters of the string so it can be used as part of a statement. For security reasons every user input has to be passed to odbx_escape() to avoid SQL injection attacks which can have fatal consequences! It's also a good idea to escape strings returned from database fields again if you want to use them in a query again because they don't stay escaped.

Most backends require the buffer to be more than twice as long as the input string. To be precise, the output buffer must be 2 * size of input + 1 bytes long. After successfully escaping the string in "from" is written into "to" and the value/result parameter "tolen" is updated to the new length of "to".

Parameters:

• handle: Connection object created by odbx_init()
• from: String to escape
• fromlen: Length of the string in "from" without terminating \0 character
• to: Buffer for storing the escaped string
• tolen: Pointer to the length of the buffer

Return values

odbx_get_option() returns ODBX_ERR_SUCCESS, or an error code whose value is less than zero if one of the operations couldn't be completed successfully. Possible error codes are listed in the error section and they can be feed to odbx_error() and odbx_error_type() to get further details.

Errors

-ODBX_ERR_BACKEND 

The native database library returned an error because it wasn't able to escape the given string to be suitable for a statement

-ODBX_ERR_PARAM 

One of the supplied parameters is invalid or is NULL and this isn't allowed in the used backend module or in the native database client library

-ODBX_ERR_SIZE 

The length of the escaped string exceeds or is likely to exeed the available buffer (before 1.1.4 ODBX_ERR_TOOLONG was returned)

See also:

• OpenDBX_error
• OpenDBX_error_type
• OpenDBX_query

Back to Overview