escape string

Posted: 01.09.2007, 14:31
by V1RUS
I have a console program.

Code:

uses
  ZConnection, ZQuery;
var
  Connection : TZConnection;
  Dataset : TZQuery;
  login : string;
begin
  Connection := TZConnection.Create(nil);
  Dataset := TZQuery.Create(nil);
  Dataset.Connection := Connection; // attach the query to the connection created above
  Dataset.ReadOnly := FALSE;
  Connection.Protocol := 'mysql-5'; // actually it's read from config
  Connection.HostName        := MainProc.DatabaseOptions.RealmHost;
  Connection.Port            := MainProc.DatabaseOptions.RealmPort;
  Connection.Database        := MainProc.DatabaseOptions.RealmDB;
  Connection.User            := MainProc.DatabaseOptions.RealmUser;
  Connection.Password        := MainProc.DatabaseOptions.RealmPass;
  Connection.Connect;

  login := GetLogin; // function takes the username from an Edit box

  // I need to escape the string (login) now to avoid hack/crash. But how ???

  // some SQL requests with this login

  Connection.Disconnect;
  Dataset.Free;
  Connection.Free;
end.

Thanks all

Sorry for bad English - I'm from Russia ;)

Posted: 03.09.2007, 10:10
by zippo
Use the backslash

Posted: 03.09.2007, 12:32
by V1RUS
Can you write an example?

Posted: 03.09.2007, 13:44
by mdaems
You can use EncodeCString from ZSysUtils unit.
I'm planning to add a utility function to the Connection component which escapes characters in a way the connected database likes. Some more people are asking for it. The mysql implementation would use mysql_escape_string or mysql_real_escape_string API functions. For other databases EncodeCString function will be used until somebody provides a more db specific solution.

Mark

Posted: 03.09.2007, 16:22
by V1RUS
Thanks a lot. I'll wait for your change ;)

Posted: 05.09.2007, 10:47
by mdaems
V1RUS,

I forgot I already committed the change... It's in the last Testing snapshot already. When you use another version you can check the changes using SVN (testing branch rev. 284) and apply these changes to your sources. It's not that big.

How to use it: escapedstring := Connection1.DbcConnection.EscapeString(unescapedstring)

Mark

Posted: 05.09.2007, 15:26
by btrewern
Mark,

In PostgreSQL there is the PQescapeStringConn function which I think does what you are looking for from a PostgreSQL point of view.

See here:
http://www.postgresql.org/docs/8.2/stat ... APE-STRING

Introduced in PostgreSQL 7.3.

Regards,

Ben

Posted: 05.09.2007, 16:16
by mdaems
Ben,

Can you please do the implementation? It shouldn't be too much work:
- add the plaindriver function if it's not present yet.
- override the function in the zdbcpostgresconnection.

Just post your changed files or an SVN patch here.

Mark

Posted: 16.01.2012, 11:51
by rjuju
Hi.
I'm planning to switch my PostgreSQL db to 9.1 with standard_conforming_strings set to on, so I have a similar problem.

For example, while using TDBEdit with TZQuery, if I write "let's" Zeos will write a query with "let\047s", which doesn't work without the E prefix (E'let\047s').

Is there a solution, like a patch with the PQescapeString function to escape strings?

Thank you
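The two problems in this thread (V1RUS's unescaped login and rjuju's standard_conforming_strings mismatch) come down to whether the escaping style matches how the server tokenizes a string literal. The following is an added illustration, not Zeos code and not tied to any Zeos API: it implements the backslash escape table documented for mysql_real_escape_string, SQL-standard quote doubling, and a deliberately simplified scanner that decodes a literal the way MySQL / PostgreSQL (standard_conforming_strings off or on, with or without the E'' prefix) would. The scanner, the sample logins and the accounts-table query shape are constructed for the example; real servers also handle dollar quoting, warnings and other escapes that are left out here.

```python
import re

# Backslash escape table as documented for mysql_real_escape_string:
# NUL, newline, carriage return, backslash, single quote, double quote, Ctrl-Z.
_BACKSLASH_ESCAPES = {
    "\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
    "'": "\\'", '"': '\\"', "\x1a": "\\Z",
}
# Reverse mapping used by the scanner when backslash escapes are active.
_UNESCAPES = {"n": "\n", "r": "\r", "Z": "\x1a", "b": "\b", "t": "\t"}


def escape_backslash(value: str) -> str:
    """MySQL-style escaping (what mysql_real_escape_string produces)."""
    return "".join(_BACKSLASH_ESCAPES.get(ch, ch) for ch in value)


def escape_standard(value: str) -> str:
    """SQL-standard escaping: only the quote is special, and it is doubled."""
    return value.replace("'", "''")


def quote_literal(escaped: str, e_prefix: bool = False) -> str:
    """Wrap an already-escaped body in quotes, optionally as an E'...' literal."""
    return ("E'" if e_prefix else "'") + escaped + "'"


def parse_literal(sql: str, standard_conforming_strings: bool) -> tuple:
    """Scan the single-quoted literal at the start of sql as a server would.

    Returns (decoded value, remaining SQL text). With standard_conforming_strings
    on, a backslash is an ordinary character unless the literal uses the E''
    prefix; with it off (and in MySQL) backslash escapes are always active.
    A doubled quote '' always encodes one quote. Raises ValueError when the
    literal never terminates. Simplified model constructed for this example.
    """
    backslash_escapes = not standard_conforming_strings
    if sql.startswith("E'"):
        backslash_escapes, i = True, 2
    elif sql.startswith("'"):
        i = 1
    else:
        raise ValueError("no string literal at this position")
    out = []
    while i < len(sql):
        ch = sql[i]
        if ch == "'":
            if sql[i + 1:i + 2] == "'":        # '' -> one literal quote
                out.append("'")
                i += 2
                continue
            return "".join(out), sql[i + 1:]   # closing quote: literal ends here
        if ch == "\\" and backslash_escapes:
            octal = re.match(r"[0-7]{1,3}", sql[i + 1:i + 4])
            if octal:                          # \047 style escape from the thread
                out.append(chr(int(octal.group(), 8)))
                i += 1 + len(octal.group())
                continue
            nxt = sql[i + 1:i + 2]
            out.append(_UNESCAPES.get(nxt, nxt))  # unknown escape yields the char
            i += 2
            continue
        out.append(ch)
        i += 1
    raise ValueError("unterminated string literal")


def survives(value: str, escaper, standard_conforming_strings: bool,
             e_prefix: bool = False) -> bool:
    """True when the escaped literal decodes back to value with nothing left over.

    False means the server either sees a different value or the literal ends
    early, leaving the rest of the input as SQL text: the crash/hack V1RUS asks about.
    """
    literal = quote_literal(escaper(value), e_prefix)
    try:
        return parse_literal(literal, standard_conforming_strings) == (value, "")
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample logins: the thread's "let's" and one with a backslash.
    for login in ("let's", "a\\b"):
        print(f"unescaped {login!r} with SCS on ->",
              parse_literal(quote_literal(login), True))
        for name, esc in (("backslash", escape_backslash), ("standard", escape_standard)):
            print(f"  {name:9} SCS off: {survives(login, esc, False)}  "
                  f"SCS on: {survives(login, esc, True)}  "
                  f"SCS on + E'': {survives(login, esc, True, e_prefix=True)}")
```

The table the script prints is the check to make before trusting an escape routine: backslash escaping round-trips on MySQL and on PostgreSQL with standard_conforming_strings off (or with the E'' prefix), but with it on the literal `'let\'s'` ends after the backslash and `s'` spills into the statement; quote doubling works in both PostgreSQL modes yet is not enough on a server that still interprets backslashes. The safest route remains binding the login as a query parameter so no literal has to be built at all.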