C++ Mysql Real Escape String Issue_问答_开发者

开发者 https://www.devze.com 2023-01-06 03:56 出处：网络

Hmm, for some reason, its only doing this on the first username (and password) and does it for how big my my vector is. Any ideas on why?

int eMysql::strip(string &input) {
    char* from = new char[strlen(input.c_str()) * 3 + 1];
    mysql_real_escape_string(&mysql, from, input.c_str(), input.length());
    input = input.assign(from);
    delete from;
}
开发者_高级运维

Where its used:

if(query.size() > 0) {
        mysql->strip(query[0]);
        mysql->strip(query[1]);
        mysql->query("SELECT `username` FROM `users` where `username` = '"+ query[0] +"';");

I suggest building the query as a separate string variable rather than passing the mess in the argument:

static const char fixed_text[] = "SELECT `username` FROM `users` where `username` = '";
std::string query_text(fixed_text);
query_text += query[0];
query_text += "';";
mysql->query(query_text);

This technique allows you to examine the query before it is sent to MySql.

I suggest you examine the query[0] variable for any strange characters such as \r and \n. The MySql manual has a section listing characters that need to be escaped.