SQL Escaping in MySQL

Started by Jeff, April 17, 2007, 07:16:49 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Jeff

April 17, 2007, 07:16:49 AM Last Edit: December 31, 1969, 04:00:00 PM by Jeff
Add the following lines to your mysql.lsp library, depending on the version of mysql client lib you have:


Code Select
(import libmysqlclient "mysql_escape_string") ; MySQL4
(import libmysqlclient "mysql_real_escape_string") ; MySQL5

MySQL4
Code Select
(define (escape value , safe-value)
  "Escapes input value using mysql_escape_string."
  (set 'safe-value (dup " " (+ 1 (length value))))
  (MySQL:mysql_escape_string safe-value value (length value))
  safe-value)

MySQL5
Code Select
(define (escape value , safe-value)
  "Escapes input value using mysql_real_escape_string."
  (set 'safe-value (dup " " (+ 1 (length value))))
  (MySQL:mysql_real_escape_string MySQL:MYSQL safe-value value (length value))
  safe-value)

These will escape newlines, single and double ticks, etc, to prevent sql injection.
Jeff

=====

Old programmers don\'t die. They just parse on...



http://artfulcode.net\">Artful code
Print
Go Up Pages1
User actions