OpenDBX/C API/odbx escape
From Linuxnetworks
int odbx_escape( odbx_t* handle, const char* from, unsigned long fromlen, char* to, unsigned long* tolen )
Description:
Escapes a string so it can be used in a statement. For security reasons every user input has to be passed to odbx_escape() to avoid SQL injection attacks which can have fatal consequences! It's also a good idea to escape strings returned from database fields again if you want to use them in a query since they don't stay escaped.
Most backends require the buffer to be more than twice as long as the input string. After successful escaping, the escaped form of the string in "from" is written into "to", and the value/result parameter "tolen" is updated to the new length of "to".
Parameters:
- handle: Connection object created by odbx_init()
- from: String to escape
- fromlen: Length of the string in "from" without terminating \0 character
- to: Buffer for storing escaped string
- tolen: Length of the buffer "to" (value/result parameter, updated to the new length of "to" on success)
Return values:
- Zero on success
- Non-zero if an error occurred
Errors:
- -ODBX_ERR_TOOLONG: The length of a string exceeded the buffer size
- -ODBX_ERR_PARAM: One of the parameters or its content is invalid
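The buffer sizing, return-value check and value/result use of "tolen" described above, shown as an added example (not code from the OpenDBX project). So that it compiles without the library, escape_fn, demo_escape(), DEMO_ERR_TOOLONG, build_lookup() and the users table are assumptions made here; with OpenDBX, the call inside build_lookup() would be odbx_escape() with a handle created by odbx_init().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical callback type mirroring odbx_escape()'s parameter list;
 * "void *" stands in for "odbx_t *" so this compiles without OpenDBX. */
typedef int (*escape_fn)(void *handle, const char *from, unsigned long fromlen,
                         char *to, unsigned long *tolen);
#define DEMO_ERR_TOOLONG 1 /* constructed value, not OpenDBX's ODBX_ERR_TOOLONG */

/* Constructed stand-in escaper: doubles ' and \ and follows the value/result
 * contract of "tolen". Real backends apply their own escaping rules. */
static int demo_escape(void *handle, const char *from, unsigned long fromlen,
                       char *to, unsigned long *tolen)
{
    unsigned long i, o = 0;
    (void)handle;
    for (i = 0; i < fromlen; i++) {
        int special = (from[i] == '\'' || from[i] == '\\');
        if (o + (special ? 2 : 1) >= *tolen) return -DEMO_ERR_TOOLONG;
        if (special) to[o++] = from[i];
        to[o++] = from[i];
    }
    to[o] = '\0';
    *tolen = o;   /* report the escaped length back to the caller */
    return 0;
}

/* Caller-side pattern. Returns a malloc()ed statement, or NULL on any failure. */
static char *build_lookup(escape_fn esc, void *handle, const char *name)
{
    unsigned long fromlen = strlen(name), tolen = 2 * fromlen + 1;
    char *buf = malloc(tolen), *stmt = NULL;
    if (buf == NULL) return NULL;
    if (esc(handle, name, fromlen, buf, &tolen) == 0) {  /* non-zero: never run the query */
        size_t n = strlen("SELECT id FROM users WHERE name = ''") + tolen + 1;
        if ((stmt = malloc(n)) != NULL)
            snprintf(stmt, n, "SELECT id FROM users WHERE name = '%.*s'", (int)tolen, buf);
    }
    free(buf);
    return stmt;
}

int main(void)
{
    char *s = build_lookup(demo_escape, NULL, "O'Brien");  /* constructed input */
    if (s != NULL) puts(s);
    free(s);
    return 0;
}
```

A non-zero return leaves the contents of "to" unspecified in this example, so the statement is built only after the zero check.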