开发者

C++ Mysql Real Escape String Issue

问答 作者:

Hmm, for some reason, its only doing this on the first username (and password) and does it for how big my my vector is. Any ideas on why?

int eMysql::strip(string &input) {
    char* from = new char[strlen(input.c_str()) * 3 + 1];
    mysql_real_escape_string(&mysql, from, input.c_str(), input.length());
    input = input.assign(from);
    delete from;
}
开发者_高级运维

Where its used:

if(query.size() > 0) {
        mysql->strip(query[0]);
        mysql->strip(query[1]);
        mysql->query("SELECT `username` FROM `users` where `username` = '"+ query[0] +"';");

I suggest building the query as a separate string variable rather than passing the mess in the argument: 

static const char fixed_text[] = "SELECT `username` FROM `users` where `username` = '";
std::string query_text(fixed_text);
query_text += query[0];
query_text += "';";
mysql->query(query_text);

This technique allows you to examine the query before it is sent to MySql.

I suggest you examine the query[0] variable for any strange characters such as \r and \n. The MySql manual has a section listing characters that need to be escaped.

继续阅读:escapingstring

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9