Difference between revisions of "OpenDBX/C API/odbx escape"

From Linuxnetworks
Revision as of 11:37, 13 February 2007


int odbx_escape(
    odbx_t* handle,
    const char* from,
    unsigned long fromlen,
    char* to,
    unsigned long* tolen ) 

Description:

Escapes a string so it can be used in a statement. For security reasons, all user input has to be passed to odbx_escape() before it is used in a statement, to avoid SQL injection attacks, which can have fatal consequences! It's also a good idea to escape strings returned from database fields again if you want to use them in a query, since they don't stay escaped.

Most backends require the buffer to be more than twice as long as the input string. To be precise, the output buffer must be 2 * size of input + 1 bytes long. After successful escaping, the escaped form of the string in "from" is written into "to", and the value/result parameter "tolen" is updated to the new length of "to".

Parameters:

  • handle: Connection object created by odbx_init()
  • from: String to escape
  • fromlen: Length of the string in "from" without terminating \0 character
  • to: Buffer for storing the escaped string
  • tolen: Pointer to the length of the buffer

Return values:

  • ODBX_ERR_SUCCESS on success
  • Less than zero if an error occurred

Errors:

  • -ODBX_ERR_BACKEND: An error in the backend occurred
  • -ODBX_ERR_PARAM: One of the parameters is NULL or handle is invalid
  • -ODBX_ERR_SIZE: The length of a string exceeded the buffer size (before 1.1.4 it's ODBX_ERR_TOOLONG)
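
The buffer-size rule and the value/result "tolen" contract described above, as an added example that is not OpenDBX code: demo_escape() is a hypothetical stand-in with odbx_escape()'s parameter shape, and escape_alloc() is a hypothetical caller-side wrapper. The DEMO_* codes and the backslash-prefix escaping rule are assumptions made so the example runs without a database backend.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in codes (constructed values) for the page's ODBX_ERR_* names. */
enum { DEMO_OK = 0, DEMO_ERR_PARAM = 3, DEMO_ERR_NOMEM = 4, DEMO_ERR_SIZE = 5 };

/* Hypothetical escaper with odbx_escape()'s parameter shape. It prefixes
 * ' and \ with a backslash; real backends apply their own rules. */
static int demo_escape(void *handle, const char *from, unsigned long fromlen,
                       char *to, unsigned long *tolen)
{
    unsigned long i, o = 0;
    if (!handle || !from || !to || !tolen) return -DEMO_ERR_PARAM;
    for (i = 0; i < fromlen; i++) {
        int special = (from[i] == '\'' || from[i] == '\\');
        /* room needed: this character, its prefix, and the final \0 */
        if (o + (special ? 2UL : 1UL) >= *tolen) return -DEMO_ERR_SIZE;
        if (special) to[o++] = '\\';
        to[o++] = from[i];
    }
    to[o] = '\0';
    *tolen = o;               /* value/result: now the escaped length */
    return DEMO_OK;
}

/* Allocates the worst-case buffer (2 * fromlen + 1) and escapes into it.
 * Returns a malloc'd string (caller frees) or NULL with *err set. */
static char *escape_alloc(void *handle, const char *from,
                          unsigned long fromlen, unsigned long *outlen, int *err)
{
    unsigned long cap; char *buf;
    if (fromlen > (ULONG_MAX - 1) / 2) { *err = -DEMO_ERR_SIZE; return NULL; }
    cap = 2 * fromlen + 1;    /* checked above: cannot wrap around */
    if ((buf = malloc(cap)) == NULL) { *err = -DEMO_ERR_NOMEM; return NULL; }
    *err = demo_escape(handle, from, fromlen, buf, &cap);
    if (*err != DEMO_OK) { free(buf); return NULL; }
    *outlen = cap;
    return buf;
}

int main(void)
{
    const char *in = "O'Brien";            /* constructed input */
    int h = 0, err; unsigned long n = 0;   /* h: dummy handle */
    char *s = escape_alloc(&h, in, strlen(in), &n, &err);
    if (s) printf("%s (%lu bytes)\n", s, n);
    free(s); return err != DEMO_OK;
}
```

With the real library, the same wrapper shape applies: pass the connection handle and check for a negative return value before using the buffer.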

See also:

  • OpenDBX_error
  • OpenDBX_error_type
  • OpenDBX_query

Back to Overview