Difference between revisions of "OpenDBX/C API/odbx escape"
From Linuxnetworks
Revision as of 20:24, 1 October 2005
int odbx_escape( odbx_t* handle, const char* from, unsigned long fromlen, char* to, unsigned long* tolen )
Description:
Escapes a string so it can be used in a statement. For security reasons every user input has to be passed to odbx_escape() to avoid code injection attacks! Most backends require the buffer to be more than twice as long as the input string. After successfully escaping the string in "from" the length of the new string is written into the value/result parameter "tolen".
Parameters:
- handle: Connection object created by odbx_init()
- from: String to escape
- fromlen: Length of the string in "from" without terminating \0 character
- to: Buffer for storing escaped string
- tolen: Length of the buffer in "to"; on success, the length of the escaped string is written back into it
Return values:
- Zero on success
- Non-zero if an error occurred
Errors:
- -ODBX_ERR_TOOLONG: The length of a string exceeded the buffer size
- -ODBX_ERR_PARAM: One of the parameters or its content is invalid
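The calling pattern described above (buffer sized to more than twice the input, "tolen" used as a value/result parameter, return value checked before the string reaches a statement), as an added example that is not part of the OpenDBX documentation or source. demo_escape() is a hypothetical stand-in with the same parameter shape as odbx_escape() so the block runs without the library, and the users table and build_query() are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same parameter shape as odbx_escape(); the handle is opaque here. */
typedef int (*escape_fn)(void *, const char *, unsigned long, char *, unsigned long *);

/* Hypothetical stand-in backend (assumption): doubles single quotes only. */
static int demo_escape(void *handle, const char *from, unsigned long fromlen,
                       char *to, unsigned long *tolen)
{
    unsigned long i, n = 0;
    (void)handle;
    if (!from || !to || !tolen) return -1;          /* invalid parameter */
    for (i = 0; i < fromlen; i++) {
        unsigned long need = (from[i] == '\'') ? 2 : 1;
        if (n + need + 1 > *tolen) return -2;       /* no room incl. '\0' */
        if (need == 2) to[n++] = '\'';
        to[n++] = from[i];
    }
    to[n] = '\0';
    *tolen = n;               /* value/result: now the escaped length */
    return 0;
}

/* Builds a query with the escaped input as a quoted literal; 0 on success. */
static int build_query(escape_fn esc, void *handle, const char *input,
                       char *out, size_t outlen)
{
    unsigned long inlen = (unsigned long)strlen(input);
    unsigned long esclen = 2 * inlen + 1;   /* more than twice the input */
    char *buf = malloc(esclen);
    int rc = -1, n;
    if (outlen) out[0] = '\0';
    if (buf && esc(handle, input, inlen, buf, &esclen) == 0) {
        n = snprintf(out, outlen, "SELECT id FROM users WHERE name = '%.*s'",
                     (int)esclen, buf);
        rc = (n >= 0 && (size_t)n < outlen) ? 0 : -1;
        if (rc != 0 && outlen) out[0] = '\0';   /* never keep a truncated query */
    }
    free(buf);
    return rc;
}

int main(void)
{
    char q[128];
    return build_query(demo_escape, NULL, "O'Brien", q, sizeof q) ? 1 : (puts(q), 0);
}
```

With the real library, the call to esc() is where odbx_escape() goes, with the connection handle from odbx_init() as its first argument.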