Difference between revisions of "OpenDBX/C API/odbx escape"
From Linuxnetworks
(→Return values:) |
(→Errors:) |
||
| Line 29: | Line 29: | ||
= Errors: = | = Errors: = | ||
| + | * -ODBX_ERR_BACKEND: An error in the backend occured | ||
| + | * -ODBX_ERR_PARAM: One of the parameters is NULL or handle is invalid | ||
* -ODBX_ERR_TOOLONG: The length of a string exceeded the buffer size | * -ODBX_ERR_TOOLONG: The length of a string exceeded the buffer size | ||
| − | |||
---- | ---- | ||
Back to [[OpenDBX API|Overview]] | Back to [[OpenDBX API|Overview]] | ||
Revision as of 14:29, 5 June 2006
int odbx_escape(
odbx_t* handle,
const char* from,
unsigned long fromlen,
char* to,
unsigned long* tolen )
Description:
Escapes a string so it can be used in a statement. For security reasons every user input has to be passed to odbx_escape() to avoid SQL injection attacks which can have fatal consequences! It's also a good idea to escape strings returned from database fields again if you want to use them in a query since they don't stay escaped.
Most backends require the buffer to be more than twice as long as the input string. After successfully escaping the string in "from" is written into "to" and the value/result parameter "tolen" is updated to the new length of "to".
Parameters:
- handle: Connection object created by odbx_init()
- from: String to escape
- fromlen: Length of the string in "from" without terminating \0 character
- to: Buffer for storing escaped string
- tolen: Length of the buffer
Return values:
- ODBX_ERR_SUCCESS on success
- Less than zero if an error occured
Errors:
- -ODBX_ERR_BACKEND: An error in the backend occured
- -ODBX_ERR_PARAM: One of the parameters is NULL or handle is invalid
- -ODBX_ERR_TOOLONG: The length of a string exceeded the buffer size
Back to Overview
