Difference between revisions of "OpenDBX/C API/odbx escape"

From Linuxnetworks
(Changed last parameter to pointer)
 
(31 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
 +
'''Prepare strings for inclusion in statements'''
  
  int odbx_escape(
+
  #include <opendbx/api.h>
    odbx_t* handle,
+
    const char* from,
+
    unsigned long fromlen,
+
    char* to,
+
    unsigned long* tolen )
+
  
= Description: =
+
int '''odbx_escape'''(
 +
    odbx_t* '''''handle''''',
 +
    const char* '''''from''''',
 +
    unsigned long '''''fromlen''''',
 +
    char* '''''to''''',
 +
    unsigned long* '''''tolen''''' )
  
Escapes a string so it can be used in a statement. For security reasons every user input has to be passed to odbx_escape() to avoid code injection attacks! Most backends require the buffer to be more than twice as long as the input string. After successfully escaping the string in "from" the length of the new string is written into the value/result parameter "tolen".
+
== Description ==
  
= Parameters: =
+
[[OpenDBX/API/odbx_escape|odbx_escape]]() neutralizes potentially dangerous characters of the string so it can be used as part of a statement. For security reasons every user input has to be passed to [[OpenDBX/API/odbx_escape|odbx_escape]]() to avoid SQL injection attacks which can have fatal consequences! It's also a good idea to escape strings returned from database fields again if you want to use them in a query because they don't stay escaped once they are returned as part of a record.
  
* handle: Connection object created by odbx_init()
+
Most backends require the buffer to be more than twice as long as the input string. To be precise, the output buffer must be 2 * size of input + 1 bytes long. After successfully escaping the characters in '''''from''''', they are written into the memory provided via '''''to''''' and the value/result parameter '''''tolen''''' is updated to the new length of '''''to''''' in the end.
* from: String to escape
+
* fromlen: Length of the string in "from" without terminating \0 character
+
* to: Buffer for storing escaped string
+
* tolen: Length of the buffer
+
  
= Return values: =
+
The first parameter '''''handle''''' is the connection object created and returned by [[OpenDBX/API/odbx_init|odbx_init]]() which becomes invalid as soon as it was supplied to [[OpenDBX/API/odbx_finish|odbx_finish]]().
  
* Zero on success
+
'''''from''''' has to point to a character string containing the string which should be used as part of a statement. It doesn't have to be zero-terminated because the length of it is also given via '''''fromlen'''''. The backends may support variable width character sets like UTF-8 but this function doesn't support the wide char type (wchar_t) where each character has a fixed size of two or four bytes.
* Non-zero if an error occured
+
  
= Errors: =
+
The value of the parameter '''''fromlen''''' must be the length in bytes of the string which '''''from''''' is pointing to. This is also true for variable width character sets like UTF-8 but the wide char type (wchar_t) is not supported. The terminating \0 character shouldn't be part of '''''fromlen'''''.
  
* -ODBX_ERR_TOOLONG: The length of a string exceeded the buffer size
+
The calling function provides a buffer for storing the escaped string via '''''to'''''. In general, the length of the buffer should be more than twice as long as the string passed via '''''from''''' to be able to store the escaped string even if every character has to be escaped.
* -ODBX_ERR_PARAM: One of the parameters or its content is invalid
+
  
 +
'''''tolen''''' is a value-result parameter which points to an integer variable in the calling function. It must contain the original length of the buffer given via '''''to''''' and if escaping the string in '''''from''''' suceeded, [[OpenDBX/API/odbx_escape|odbx_escape]]() will store the new length of the escaped string in this variable.
  
----
+
== Return value ==
Back to [[OpenDBX API|Overview]]
+
 
+
[[OpenDBX/API/odbx_escape|odbx_escape]]() returns ODBX_ERR_SUCCESS, or an error code whose value is less than zero if one of the operations couldn't be completed successfully. Possible error codes are listed in the error section and they can be feed to [[OpenDBX/API/odbx_error|odbx_error]]() and [[OpenDBX/API/odbx_error_type|odbx_error_type]]() to get further details.
+
 
+
== Errors ==
+
 
+
; -ODBX_ERR_BACKEND : The native database library returned an error because it wasn't able to escape the given string to be suitable for a statement
+
; -ODBX_ERR_PARAM : One of the supplied parameters is invalid or is NULL and this isn't allowed in the used backend module or in the native database client library
+
; -ODBX_ERR_SIZE : The length of the escaped string exceeds or is likely to exeed the available buffer (before 1.1.4 the name of the label was ODBX_ERR_TOOLONG but the value is still the same)
+
 
+
== See also ==
+
 
+
* [[OpenDBX/API/odbx_error|odbx_error]]()
+
* [[OpenDBX/API/odbx_error_type|odbx_error_type]]()
+
* [[OpenDBX/API/odbx_query|odbx_query]]()
+
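Review bot: The added Description text states the buffer requirement two ways, "more than twice as long as the input string" and "2 * size of input + 1 bytes", and the later paragraph about '''''to''''' repeats only the vaguer form. Give the exact 2 * fromlen + 1 figure in both places, and say whether the length written back through '''''tolen''''' counts a terminating \0, since the + 1 suggests one is written. The wchar_t limitation appears in both the '''''from''''' and '''''fromlen''''' paragraphs and could be stated once. Typos in the added lines: "suceeded", "can be feed", "exeed".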

Latest revision as of 19:42, 17 July 2010

Prepare strings for inclusion in statements

#include <opendbx/api.h>
int odbx_escape(
    odbx_t* handle,
    const char* from,
    unsigned long fromlen,
    char* to,
    unsigned long* tolen )

Description

odbx_escape() neutralizes potentially dangerous characters of the string so it can be used as part of a statement. For security reasons every user input has to be passed to odbx_escape() to avoid SQL injection attacks which can have fatal consequences! It's also a good idea to escape strings returned from database fields again if you want to use them in a query because they don't stay escaped once they are returned as part of a record.

Most backends require the buffer to be more than twice as long as the input string. To be precise, the output buffer must be 2 * size of input + 1 bytes long. After the characters in from have been escaped successfully, the result is written into the memory provided via to, and the value/result parameter tolen is updated to the new length of to.

The first parameter handle is the connection object created and returned by odbx_init(), which becomes invalid as soon as it has been passed to odbx_finish().

from has to point to a character string containing the string which should be used as part of a statement. It doesn't have to be zero-terminated because the length of it is also given via fromlen. The backends may support variable width character sets like UTF-8 but this function doesn't support the wide char type (wchar_t) where each character has a fixed size of two or four bytes.

The value of the parameter fromlen must be the length in bytes of the string which from is pointing to. This is also true for variable width character sets like UTF-8 but the wide char type (wchar_t) is not supported. The terminating \0 character shouldn't be part of fromlen.

The calling function provides a buffer for storing the escaped string via to. In general, the length of the buffer should be more than twice as long as the string passed via from to be able to store the escaped string even if every character has to be escaped.

tolen is a value-result parameter which points to an integer variable in the calling function. It must contain the original length of the buffer given via to, and if escaping the string in from succeeded, odbx_escape() will store the new length of the escaped string in this variable.
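
The sizing rule and the value-result use of tolen described above, shown as an added example that is not part of the OpenDBX documentation. demo_escape is a hypothetical stand-in with the same from/fromlen/to/tolen parameters so the code runs without a database connection; build_lookup, the users table and the numeric error values are assumptions as well.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for odbx_escape() minus the handle argument, so the
 * example runs without a database. It doubles single quotes and backslashes;
 * real backends apply their own rules. -1/-2 are not ODBX_ERR_* values. */
static int demo_escape(const char *from, unsigned long fromlen,
                       char *to, unsigned long *tolen)
{
    unsigned long i, o = 0;
    if (!from || !to || !tolen) return -1;  /* invalid parameter */
    if (fromlen > (ULONG_MAX - 1) / 2 || *tolen < 2 * fromlen + 1)
        return -2;                          /* result might not fit */
    for (i = 0; i < fromlen; i++) {         /* fromlen bytes, no \0 needed */
        if (from[i] == '\'' || from[i] == '\\')
            to[o++] = from[i];
        to[o++] = from[i];
    }
    to[o] = '\0';
    *tolen = o;                             /* out: length of escaped string */
    return 0;
}

/* Returns a heap-allocated statement with the escaped name embedded, or NULL
 * on error. The users table and its column names are assumptions. */
char *build_lookup(const char *name, unsigned long namelen)
{
    static const char head[] = "SELECT id FROM users WHERE name = '";
    unsigned long cap, esclen;
    char *esc, *stmt;
    if (namelen > (ULONG_MAX - 1) / 2)      /* 2 * n + 1 would wrap around */
        return NULL;
    cap = 2 * namelen + 1;                  /* worst case: every byte escaped */
    if ((esc = malloc(cap)) == NULL) return NULL;
    esclen = cap;                           /* in: size of the buffer */
    if (demo_escape(name, namelen, esc, &esclen) != 0) {
        free(esc);
        return NULL;
    }
    /* esclen now holds the escaped length; +1 for the closing quote */
    stmt = malloc(sizeof(head) + esclen + 1);
    if (stmt != NULL) {
        memcpy(stmt, head, sizeof(head) - 1);
        memcpy(stmt + sizeof(head) - 1, esc, esclen);
        memcpy(stmt + sizeof(head) - 1 + esclen, "'", 2);
    }
    free(esc);
    return stmt;
}

int main(void)
{
    char *stmt = build_lookup("O'Brien", 7);    /* constructed sample input */
    if (stmt != NULL) puts(stmt);
    free(stmt);
    return 0;
}
```

With the real library, the call inside build_lookup would be odbx_escape( handle, name, namelen, esc, &esclen ) and the return value would be compared against ODBX_ERR_SUCCESS.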

Return value

odbx_escape() returns ODBX_ERR_SUCCESS, or an error code whose value is less than zero if one of the operations couldn't be completed successfully. Possible error codes are listed in the error section and they can be fed to odbx_error() and odbx_error_type() to get further details.

Errors

-ODBX_ERR_BACKEND 
The native database library returned an error because it wasn't able to escape the given string to be suitable for a statement
-ODBX_ERR_PARAM 
One of the supplied parameters is invalid or is NULL and this isn't allowed in the used backend module or in the native database client library
-ODBX_ERR_SIZE 
The length of the escaped string exceeds or is likely to exceed the available buffer (before 1.1.4 the name of the label was ODBX_ERR_TOOLONG but the value is still the same)

See also