escape string

Forum related to version 6.5.1 (alpha) and 6.6.x (beta) of ZeosLib's DBOs

V1RUS
Fresh Boarder
Posts: 3
Joined: 01.09.2007, 14:22

Postby V1RUS » 01.09.2007, 14:31

I have a console program.

uses
  ZConnection,ZQuery;
var
  Connection : TZConnection;
  Dataset : TZQuery;
  login : string;
begin
  Connection := TZConnection.Create(nil);
  Dataset := TZQuery.Create(nil);
  Dataset.Connection := Connection; // use the connection object created above
  Dataset.ReadOnly := FALSE;
  Connection.Protocol := 'mysql-5'; //actually it's getting from config
  Connection.HostName        := MainProc.DatabaseOptions.RealmHost;
  Connection.Port            := MainProc.DatabaseOptions.RealmPort;
  Connection.Database        := MainProc.DatabaseOptions.RealmDB;
  Connection.User            := MainProc.DatabaseOptions.RealmUser;
  Connection.Password        := MainProc.DatabaseOptions.RealmPass;
  Connection.Connect;

  login := GetLogin; //function takes username from Edit box

  //i need to escape string(login) now to avoid hack/crash. but how ???

  //something sql-requests with this login

  Connection.Disconnect;
  Dataset.Free;
  Connection.Free;
end.


Thanks, all.

Sorry for my bad English - I'm from Russia ;)

zippo
Silver Boarder
Posts: 322
Joined: 12.10.2005, 18:01
Location: Slovenia

Postby zippo » 03.09.2007, 10:10

Use the backslash

V1RUS
Fresh Boarder
Posts: 3
Joined: 01.09.2007, 14:22

Postby V1RUS » 03.09.2007, 12:32

Can you write an example?

mdaems
Zeos Project Manager
Posts: 2766
Joined: 20.09.2005, 15:28
Location: Brussels, Belgium

Postby mdaems » 03.09.2007, 13:44

You can use EncodeCString from ZSysUtils unit.
I'm planning to add a utility function to the Connection component which escapes characters in a way the connected database likes. Some more people are asking for it. The mysql implementation would use mysql_escape_string or mysql_real_escape_string API functions. For other databases EncodeCString function will be used until somebody provides a more db specific solution.

Mark

V1RUS
Fresh Boarder
Posts: 3
Joined: 01.09.2007, 14:22

Postby V1RUS » 03.09.2007, 16:22

Thanks a lot. I'll wait for your change ;)

mdaems
Zeos Project Manager
Posts: 2766
Joined: 20.09.2005, 15:28
Location: Brussels, Belgium

Postby mdaems » 05.09.2007, 10:47

V1RUS,

I forgot I already committed the change... It's in the last Testing snapshot already. When you use another version you can check the changes using SVN (testing branch rev. 284) and apply these changes to your sources. It's not that big.

How to use it: escapedstring=Connection1.DbcConnection.EscapeString(unescapedstring)

Mark

btrewern
Expert Boarder
Posts: 193
Joined: 06.10.2005, 18:51

Postby btrewern » 05.09.2007, 15:26

Mark,

In PostgreSQL there is the PQescapeStringConn function which I think does what you are looking for from a PostgreSQL point of view.

See here:
http://www.postgresql.org/docs/8.2/static/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING

Introduced in PostgreSQL 7.3.

Regards,

Ben

mdaems
Zeos Project Manager
Posts: 2766
Joined: 20.09.2005, 15:28
Location: Brussels, Belgium

Postby mdaems » 05.09.2007, 16:16

Ben,

Can you please do the implementation? It shouldn't be too much work:
- add the plaindriver function if it's not present yet.
- override the function in the zdbcpostgresconnection.

Just post your changed files or an SVN patch here.

Mark

rjuju
Fresh Boarder
Posts: 4
Joined: 04.12.2008, 12:44

Postby rjuju » 16.01.2012, 11:51

Hi.
I'm planning to switch my PostgreSQL db to 9.1 with standard_conforming_strings set to on, so I have a similar problem.

For example, while using TDBEdit with TZQuery, if I write "let's", Zeos will write a query with "let\047s", which doesn't work without E before it ( E'let\047s' )

Is there a solution, like a patch with the PQescapeString function to escape strings?

Thank you
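
Added example (not part of the thread and not ZeosLib or PostgreSQL code): a simplified Python model of how a PostgreSQL string literal is decoded with standard_conforming_strings off and on, showing why 'let\047s' stops meaning let's once the setting is on, while a doubled quote works in both modes. The names decode_literal and quote_literal are hypothetical, and only '' (doubled quote), \ooo octal escapes, \\ and \' are modelled.

```python
# Added example: simplified model of PostgreSQL string-literal decoding.
# Only '' (doubled quote), \ooo octal escapes, \\ and \' are modelled.

def decode_literal(text, standard_conforming_strings):
    """Return the value stored for one literal such as 'abc' or E'abc'."""
    # E'...' always honours backslash escapes; plain '...' only in legacy mode.
    escapes = text.startswith("E") or not standard_conforming_strings
    text = text[1:] if text.startswith("E") else text
    if len(text) < 2 or text[0] != "'" or text[-1] != "'":
        raise ValueError("not a quoted literal")
    body, out, i = text[1:-1], [], 0
    while i < len(body):
        ch = body[i]
        if ch == "'":
            if body[i:i + 2] != "''":
                raise ValueError("unescaped quote ends the literal early")
            out.append("'")
            i += 2
        elif ch == "\\" and escapes:
            j = i + 1
            while j < len(body) and j < i + 4 and body[j] in "01234567":
                j += 1
            if j > i + 1:                       # \o, \oo or \ooo
                out.append(chr(int(body[i + 1:j], 8)))
                i = j
            elif body[i + 1:i + 2] in ("\\", "'"):
                out.append(body[i + 1])
                i += 2
            else:
                raise ValueError("escape not covered by this model")
        else:
            out.append(ch)                      # includes a literal backslash
            i += 1
    return "".join(out)


def quote_literal(value, standard_conforming_strings):
    """Quote a value for the given server setting (hypothetical helper)."""
    if not standard_conforming_strings:
        value = value.replace("\\", "\\\\")     # backslash is an escape in legacy mode
    return "'" + value.replace("'", "''") + "'"


if __name__ == "__main__":
    zeos_style = r"'let\047s'"                  # literal quoted in the post above
    for scs in (False, True):
        print(scs, repr(decode_literal(zeos_style, scs)),
              repr(decode_literal(quote_literal("let's", scs), scs)))
```

The point for an escaping routine is that the correct output depends on the server setting of the connection it is used with, so escaping that is fixed at one style breaks when the setting changes.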

