Ye_Ol_Pi_Shack
/
CppDB
2
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 1 Activity
C++DB is the database layer that was designed to work with C++CMS. This customized version is used within Ye Ol' Pi Shack.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
2 Branches
381 KiB
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
CppDB/docs/escaping.txt

30 lines
980 B
Raw Permalink Blame History 

  1. /*! \page escaping Escaping Strings 

  2. 

  3. \note Before you read this, remember escaping strings directly and including them in SQL statements is \a bad idea, you should

  4. use \ref stat "prepared statements" instead. However if you really know what you are doing, continue reading.

  5. 

  6. 

  7. You can escape strings from unknown source using session's \ref cppdb::session::escape() "escape()" functions. Also

  8. note that they do not add first and last quotation marks and you are expected to do this on your own.

  9. 

  10. For example:

  11. 

  12. \code

  13. std::string safe_data = sql.escape(data);

  14. sql << "INSERT INTO names(name) values('" + safe_data + "')" << cppdb::exec;

  15. \endcode

  16. 

  17. Please notice the quotes inserted in the query.

  18. 

  19. But still it is better to do following:

  20. 

  21. \code

  22. sql << "INSERT INTO names(name) values(?)" << data << cppdb::exec;

  23. \endcode

  24. 

  25. \note \ref odbc "ODBC" backend does not support escaping strings and would throw \ref cppdb::not_supported_by_backend "not_supported_by_backend" exception.

  26. 

  27. */

  28.