FiveTech Software tech support forums

[ricbarraes]

Hello everyone,

I'm trying to call the mysql_real_escape_string() from both libmysql.dll and libmariadb.dll inside a webservice, but it's not working...

does anybody know what could be the problem??


cSQL:=mysql_real_escape_string(::pLib,::hConnection,cSQL)


function mysql_real_escape_string(pLib, hConnect, cQuery)

return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG },;
hConnect, cQuery, cQuery, Len(cQuery)


Enviado do meu iPhone usando Tapatalk

[Antonio Linares]

Ricardo,

Have you checked this note from the docs ?

https://dev.mysql.com/doc/c-api/8.0/en/mysql-real-escape-string.html

Note
mysql_real_escape_string() fails and produces an CR_INSECURE_API_ERR error if the NO_BACKSLASH_ESCAPES SQL mode is enabled. In this case, the function cannot escape quote characters except by doubling them, and to do this properly, it must know more information about the quoting context than is available. Instead, use mysql_real_escape_string_quote(), which takes an extra argument for specifying the quoting context.

What error do you get ?

[ricbarraes]

Hey Antonio! thanks for your answer...

Yes I checked the documentation but I didn't pay mucha attention to the return of the function...
I was assuming that they were returning the escaped string, but, in fact,- correct me if I'm wrong - the return is the length of the result string.

So I made a couple of changes like that:

Code: Select all  Expand view

mysql_real_escape_string_quote(::pLib,::hConnection,@cSQL)
::nRetVal := mysql_query( ::pLib, ::hConnection, cSQL )    

function mysql_real_escape_string_quote(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string_quote", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG, HB_DYN_CTYPE_CHAR_PTR },;
hConnect, cQuery, cQuery,  Len(cQuery),"'")
 

And now I'm not getting any error, the application is not crashing, but I don't know if the escape is really working because I'm getting NIL as a return from the mysql_real_escape_string_quote()...

[ricbarraes]

Never mind Antonio!

Everything is working properly right now!
Thank you so much, my friend

Code: Select all  Expand view

METHOD Escape(cParam)
   
   LOCAL nTeste
   if ! Empty( ::pLib )
      ::hMySQL = mysql_init(::pLib)      
         
      if ::hMySQL != 0
         ::hConnection = mysql_real_connect( ::pLib,::cHost, ::cUser, AP_GETENV( 'PASSWORDTEST' ), ::cSchema, ::nPort, ::hMySQL )
         
         if ::hConnection != ::hMySQL
            //? "Error on connection to server " + ::cHost,::hConnection , ::hMySQL
            RETURN NIL
         endif
      endif
     
      nTeste:=mysql_real_escape_string_quote(::pLib,::hConnection,@cParam)
      ?nTeste
           
      mysql_close(::pLib,::hConnection)
   else
      ? ::cLibName + " not available"    
   endif  


 RETURN cParam



function mysql_real_escape_string_quote(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG, HB_DYN_CTYPE_CHAR_PTR },;
hConnect, @cQuery, cQuery,  Len(cQuery), "'")

function mysql_real_escape_string(pLib, hConnect, cQuery)
   
return hb_DynCall( { "mysql_real_escape_string", pLib, hb_bitOr( hb_SysLong(),;
hb_SysCallConv() ), hb_SysLong(), HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_CHAR_PTR, HB_DYN_CTYPE_LONG },;
hConnect, @cQuery, cQuery,  Len(cQuery))

 

[Antonio Linares]

very good