mysql_real_escape_string() problem.

Well, it seems not to be working. If the user inputs a username with a ' in it, it gives me a SQL error (if mysql_real_escape_string() was working it wouldn't).

I'm currently using a function in my class:
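int eMysql::strip(string input) {
    // Size the buffer from length(), the same length passed to the escape call below.
    char* from = new char[input.length() * 3 + 1];
    // The escaped text is written into `from`; `input` itself is not modified.
    mysql_real_escape_string(&mysql, from, input.c_str(), input.length());
    delete[] from;  // memory from new[] must be released with delete[]
}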


How I am using it:
        mysql->strip(query[0]);
        mysql->query("SELECT `username` FROM `users` where `username` = '"+ query[0] +"';");


query is a vector; query[0], the username, is bob's.


FIXED

Changed my class to this:
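    // Size the buffer from length(), the same length passed to the escape call below.
    char* from = new char[input.length() * 3 + 1];
    mysql_real_escape_string(&mysql, from, input.c_str(), input.length());
    // Copy the escaped text back; the caller only sees it if `input` is a reference parameter.
    input.assign(from);
    delete[] from;  // memory from new[] must be released with delete[]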

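The difference between the two listings, as an added example that is not part of the original post: the first version escapes into a temporary buffer and discards it, while a helper that returns the escaped string cannot be silently ignored. `escape_stub`, `strip_by_value`, `escaped` and `build_query` are hypothetical names; `escape_stub` is a stand-in that follows the documented escaping rules of `mysql_real_escape_string()` for a single-byte character set so the code runs without a server, and real code would call the API with its connection handle instead.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Stand-in for mysql_real_escape_string() so the example runs without a
// server connection (assumption: single-byte charset, default SQL mode).
// Same contract: `to` needs length*2+1 bytes; returns the escaped length.
unsigned long escape_stub(char* to, const char* from, unsigned long length) {
    char* out = to;
    for (unsigned long i = 0; i < length; ++i) {
        char c = from[i];
        switch (c) {
            case '\0':   *out++ = '\\'; *out++ = '0'; break;
            case '\n':   *out++ = '\\'; *out++ = 'n'; break;
            case '\r':   *out++ = '\\'; *out++ = 'r'; break;
            case '\x1a': *out++ = '\\'; *out++ = 'Z'; break;
            case '\\': case '\'': case '"':
                         *out++ = '\\'; *out++ = c;   break;
            default:     *out++ = c;
        }
    }
    *out = '\0';
    return static_cast<unsigned long>(out - to);
}

// The pattern from the first listing: the parameter is a copy and the
// escaped buffer is thrown away, so the caller's string never changes.
void strip_by_value(std::string input) {
    std::vector<char> to(input.length() * 2 + 1);
    escape_stub(to.data(), input.data(), input.length());
}

// Returns the escaped text, so the caller has to use the result.
std::string escaped(const std::string& input) {
    std::vector<char> to(input.length() * 2 + 1);   // worst case per the API
    unsigned long n = escape_stub(to.data(), input.data(), input.length());
    return std::string(to.data(), n);               // length reported by the call
}

std::string build_query(const std::string& username) {
    return "SELECT `username` FROM `users` where `username` = '"
           + escaped(username) + "';";
}

int main() {
    std::string name = "bob's";          // constructed sample input
    strip_by_value(name);                // name is still unescaped here
    std::cout << name << "\n" << build_query(name) << "\n";
}
```

The `std::vector` buffer also removes the `new[]`/`delete` pairing that the original listings have to get right by hand.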