Back To Programming / Scripting / Coding Forum

custom/replacement function

dark_lord
Graduate
Joined: Jan 14, 2009
Posts: 162
Loc: India-Kolkata
Status: Offline

May 15th, 2009, 9:03 am

well i am working with very low version for a company i.e. PHP 2.2 something which is in PHPtriad!

there we cannot use mysql_real_escape_string() ?

solutions can be
1. Replacement of this?
2. What is there inside that function, so that i can make a custom function?

Anyone?
Thanks in advance!

Wrap Up your Big Url | Mariana World Community

Anonymous
Bot
- www.ozzu.com
Joined: 25 Feb 2008
Posts: ?
Loc: Ozzuland
Status: Online

May 15th, 2009, 9:03 am

joebert
Sledgehammer
Joined: Feb 10, 2004
Posts: 13458
Loc: Florida
Status: Offline

May 15th, 2009, 9:20 am

The PHP mysql_real_escape_string is just a wrapper around the MySQL APIs function of the same name.
http://dev.mysql.com/doc/refman/5.0/en/ ... tring.html

Code: [ Select ]

joebert@computer:~/php-5.2.9$ grep -n -r 'PHP_FUNCTION(mysql_real_escape_string)' .
./ext/mysql/php_mysql_structs.h:84:PHP_FUNCTION(mysql_real_escape_string);
./ext/mysql/php_mysql.c:1684:PHP_FUNCTION(mysql_real_escape_string)
joebert@computer:~/php-5.2.9$

joebert@computer:~/php-5.2.9$ grep -n -r 'PHP_FUNCTION(mysql_real_escape_string)' .
./ext/mysql/php_mysql_structs.h:84:PHP_FUNCTION(mysql_real_escape_string);
./ext/mysql/php_mysql.c:1684:PHP_FUNCTION(mysql_real_escape_string)
joebert@computer:~/php-5.2.9$

php_mysql.c:1684

Code: [ Select ]

PHP_FUNCTION(mysql_real_escape_string)
{
zval *mysql_link = NULL;
char *str;
char *new_str;
int id = -1, str_len, new_str_len;
php_mysql_conn *mysql;

if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|r", &str, &str_len, &mysql_link) == FAILURE) {
return;
}

if (ZEND_NUM_ARGS() == 1) {
id = php_mysql_get_default_link(INTERNAL_FUNCTION_PARAM_PASSTHRU);
CHECK_LINK(id);
}

ZEND_FETCH_RESOURCE2(mysql, php_mysql_conn *, &mysql_link, id, "MySQL-Link", le_link, le_plink);

new_str = safe_emalloc(str_len, 2, 1);
new_str_len = mysql_real_escape_string(&mysql->conn, new_str, str, str_len);
new_str = erealloc(new_str, new_str_len + 1);

RETURN_STRINGL(new_str, new_str_len, 0);
}

PHP_FUNCTION(mysql_real_escape_string)
{
zval *mysql_link = NULL;
char *str;
char *new_str;
int id = -1, str_len, new_str_len;
php_mysql_conn *mysql;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|r", &str, &str_len, &mysql_link) == FAILURE) {
return;
}
if (ZEND_NUM_ARGS() == 1) {
id = php_mysql_get_default_link(INTERNAL_FUNCTION_PARAM_PASSTHRU);
CHECK_LINK(id);
}
ZEND_FETCH_RESOURCE2(mysql, php_mysql_conn *, &mysql_link, id, "MySQL-Link", le_link, le_plink);
new_str = safe_emalloc(str_len, 2, 1);
new_str_len = mysql_real_escape_string(&mysql->conn, new_str, str, str_len);
new_str = erealloc(new_str, new_str_len + 1);
RETURN_STRINGL(new_str, new_str_len, 0);
}

Strong with this one, the sudo is.

dark_lord
Graduate
Joined: Jan 14, 2009
Posts: 162
Loc: India-Kolkata
Status: Offline

May 16th, 2009, 10:14 am

so, i guess there are no solutions?!

Wrap Up your Big Url | Mariana World Community

joebert
Sledgehammer
Joined: Feb 10, 2004
Posts: 13458
Loc: Florida
Status: Offline

May 16th, 2009, 10:28 am

Does PHP 2.2 even support extensions ?
The MySQL extension you have doesn't support mysql_real_escape_string ?
Does the server even have MySQL support for PHP in PHP 2.2 ?
Did you read that manual page at MySQL.com ?
Do you have any way to request the character set in use by the MySQL server that wouldn't require you to escape any user input ? (an SQL query maybe)
Have you looked at the MySQL server source code to see if you can find the definition of the mysql_real_escape_string function in there ?

Strong with this one, the sudo is.

dark_lord
Graduate
Joined: Jan 14, 2009
Posts: 162
Loc: India-Kolkata
Status: Offline

May 16th, 2009, 10:49 am

1. probably yes
2. maybe
3. sort of
4. more or less
5. that was a tangent to my head
6. No, i found it bit complicated for me?!

I got the point, I will have to develop a function to validate the user inputs

that's why i was saying, any custom function...

Wrap Up your Big Url | Mariana World Community

SpooF
٩๏̯͡๏۶
Joined: May 22, 2004
Posts: 3415
Loc: Richland, WA
Status: Offline

May 16th, 2009, 12:37 pm

PHP.net wrote:

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

Just build a function that escapes those characters.

#define NULL (::rand() % 2)

SpooF
٩๏̯͡๏۶
Joined: May 22, 2004
Posts: 3415
Loc: Richland, WA
Status: Offline

May 16th, 2009, 12:41 pm

Any particular reason they are still using PHP 2.2?

#define NULL (::rand() % 2)

joebert
Sledgehammer
Joined: Feb 10, 2004
Posts: 13458
Loc: Florida
Status: Offline

May 16th, 2009, 1:06 pm

It's not as simple as escaping certain characters. You have to check configuration values of the MySQL server and also determine which character set is in use so you don't screw up multi-byte characters.

From the MySQL source.

./libmysqld/libmysql.c:1608
Notice how two different functions are called depending on the status of the MySQL server being queried ?
One function doubles up quotes and the other escapes them with backslashes.

Code: [ Select ]

ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}

ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]

/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}

/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into

Code: [ Select ]

ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]

/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}

Code: [ Select ]

ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]

/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}

Code: [ Select ]

ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]

/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}

Code: [ Select ]

ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]

/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}

Code: [ Select ]

ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]

/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}

./mysys/charset.c:618

Code: [ Select ]

/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
Escape string with backslashes (\)

SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
Escape apostrophes by doubling them up

SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape

DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.

NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]

/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into \0.
 
  NOTE
    To maintain compatibility with the old C API, to_length may be 0 to mean
    "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
    char escape= 0;
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
     If the next character appears to begin a multi-byte character, we
     escape that first byte of that apparent multi-byte character. (The
     character just looks like a multi-byte character -- if it were actually
     a multi-byte character, it would have been passed through in the test
     above.)
 
     Without this check, we can create a problem by converting an invalid
     multi-byte character into a valid one. For example, 0xbf27 is not
     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
    */
    if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
      escape= *from;
    else
#endif
    switch (*from) {
    case 0:             /* Must be escaped for 'mysql' */
      escape= '0';
      break;
    case '\n':              /* Must be escaped for logs */
      escape= 'n';
      break;
    case '\r':
      escape= 'r';
      break;
    case '\\':
      escape= '\\';
      break;
    case '\'':
      escape= '\'';
      break;
    case '"':               /* Better safe than sorry */
      escape= '"';
      break;
    case '\032':            /* This gives problems on Win32 */
      escape= 'Z';
      break;
    }
    if (escape)
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\\';
      *to++= escape;
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}

[/code].

NOTE
To maintain compatibility with the old C API, to_length may be 0 to mean
"big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
char escape= 0;
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
If the next character appears to begin a multi-byte character, we
escape that first byte of that apparent multi-byte character. (The
character just looks like a multi-byte character -- if it were actually
a multi-byte character, it would have been passed through in the test
above.)

Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not
a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
*/
if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
escape= *from;
else
#endif
switch (*from) {
case 0:   /* Must be escaped for 'mysql' */
escape= '0';
break;
case '\n': /* Must be escaped for logs */
escape= 'n';
break;
case '\r':
escape= 'r';
break;
case '\':
escape= '\';
break;
case '\'':
escape= '\'';
break;
case '"':    /* Better safe than sorry */
escape= '"';
break;
case '2': /* This gives problems on Win32 */
escape= 'Z';
break;
}
if (escape)
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\';
*to++= escape;
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].

NOTE
To maintain compatibility with the old C API, to_length may be 0 to mean
"big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
char escape= 0;
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
If the next character appears to begin a multi-byte character, we
escape that first byte of that apparent multi-byte character. (The
character just looks like a multi-byte character -- if it were actually
a multi-byte character, it would have been passed through in the test
above.)

Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not
a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
*/
if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
escape= *from;
else
#endif
switch (*from) {
case 0:   /* Must be escaped for 'mysql' */
escape= '0';
break;
case '\n': /* Must be escaped for logs */
escape= 'n';
break;
case '\r':
escape= 'r';
break;
case '\':
escape= '\';
break;
case '\'':
escape= '\'';
break;
case '"':    /* Better safe than sorry */
escape= '"';
break;
case '2': /* This gives problems on Win32 */
escape= 'Z';
break;
}
if (escape)
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\';
*to++= escape;
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].

NOTE
To maintain compatibility with the old C API, to_length may be 0 to mean
"big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
char escape= 0;
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
If the next character appears to begin a multi-byte character, we
escape that first byte of that apparent multi-byte character. (The
character just looks like a multi-byte character -- if it were actually
a multi-byte character, it would have been passed through in the test
above.)

Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not
a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
*/
if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
escape= *from;
else
#endif
switch (*from) {
case 0:   /* Must be escaped for 'mysql' */
escape= '0';
break;
case '\n': /* Must be escaped for logs */
escape= 'n';
break;
case '\r':
escape= 'r';
break;
case '\':
escape= '\';
break;
case '\'':
escape= '\'';
break;
case '"':    /* Better safe than sorry */
escape= '"';
break;
case '2': /* This gives problems on Win32 */
escape= 'Z';
break;
}
if (escape)
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\';
*to++= escape;
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].

NOTE
To maintain compatibility with the old C API, to_length may be 0 to mean
"big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
char escape= 0;
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
If the next character appears to begin a multi-byte character, we
escape that first byte of that apparent multi-byte character. (The
character just looks like a multi-byte character -- if it were actually
a multi-byte character, it would have been passed through in the test
above.)

Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not
a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
*/
if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
escape= *from;
else
#endif
switch (*from) {
case 0:   /* Must be escaped for 'mysql' */
escape= '0';
break;
case '\n': /* Must be escaped for logs */
escape= 'n';
break;
case '\r':
escape= 'r';
break;
case '\':
escape= '\';
break;
case '\'':
escape= '\'';
break;
case '"':    /* Better safe than sorry */
escape= '"';
break;
case '2': /* This gives problems on Win32 */
escape= 'Z';
break;
}
if (escape)
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\';
*to++= escape;
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].

NOTE
To maintain compatibility with the old C API, to_length may be 0 to mean
"big enough"

RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/

ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
char escape= 0;
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
If the next character appears to begin a multi-byte character, we
escape that first byte of that apparent multi-byte character. (The
character just looks like a multi-byte character -- if it were actually
a multi-byte character, it would have been passed through in the test
above.)

Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not
a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
*/
if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
escape= *from;
else
#endif
switch (*from) {
case 0:   /* Must be escaped for 'mysql' */
escape= '0';
break;
case '\n': /* Must be escaped for logs */
escape= 'n';
break;
case '\r':
escape= 'r';
break;
case '\':
escape= '\';
break;
case '\'':
escape= '\'';
break;
case '"':    /* Better safe than sorry */
escape= '"';
break;
case '2': /* This gives problems on Win32 */
escape= 'Z';
break;
}
if (escape)
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\';
*to++= escape;
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}

/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]/*
Escape string with backslashes (\)
SYNOPSIS
escape_string_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by adding backslashes before special
characters, and turning others into specific escape sequences, such as
turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
ulong length)
{
if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]
Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
./mysys/charset.c:758
[code]/*
Escape apostrophes by doubling them up
SYNOPSIS
escape_quotes_for_mysql()
charset_info Charset of the strings
to Buffer for escaped string
to_length Length of destination buffer, or 0
from The string to escape
length The length of the string to escape
DESCRIPTION
This escapes the contents of a string by doubling up any apostrophes that
it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
effect on the server.
NOTE
To be consistent with escape_string_for_mysql(), to_length may be 0 to
mean "big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
We don't have the same issue here with a non-multi-byte character being
turned into a multi-byte character by the addition of an escaping
character, because we are only escaping the ' character with itself.
*/
#endif
if (*from == '\'')
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\'';
*to++= '\'';
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]
./mysys/charset.c:618
[code]
1. /*
2. Escape string with backslashes (\)
4. SYNOPSIS
5. escape_string_for_mysql()
6. charset_info Charset of the strings
7. to Buffer for escaped string
8. to_length Length of destination buffer, or 0
9. from The string to escape
10. length The length of the string to escape
12. DESCRIPTION
13. This escapes the contents of a string by adding backslashes before special
14. characters, and turning others into specific escape sequences, such as
15. turning newlines into \n and null bytes into \0.
17. NOTE
18. To maintain compatibility with the old C API, to_length may be 0 to mean
19. "big enough"
21. RETURN VALUES
22. ~0 The escaped string did not fit in the to buffer
23. >=0 The length of the escaped string
24. */
26. ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
27. char *to, ulong to_length,
28. const char *from, ulong length)
29. {
30. const char *to_start= to;
31. const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
32. my_bool overflow= FALSE;
33. #ifdef USE_MB
34. my_bool use_mb_flag= use_mb(charset_info);
35. #endif
36. for (end= from + length; from < end; from++)
37. {
38. char escape= 0;
39. #ifdef USE_MB
40. int tmp_length;
41. if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
42. {
43. if (to + tmp_length > to_end)
44. {
45. overflow= TRUE;
46. break;
47. }
48. while (tmp_length--)
49. *to++= *from++;
50. from--;
51. continue;
52. }
53. /*
54. If the next character appears to begin a multi-byte character, we
55. escape that first byte of that apparent multi-byte character. (The
56. character just looks like a multi-byte character -- if it were actually
57. a multi-byte character, it would have been passed through in the test
58. above.)
60. Without this check, we can create a problem by converting an invalid
61. multi-byte character into a valid one. For example, 0xbf27 is not
62. a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
63. */
64. if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
65. escape= *from;
66. else
67. #endif
68. switch (*from) {
69. case 0: /* Must be escaped for 'mysql' */
70. escape= '0';
71. break;
72. case '\n': /* Must be escaped for logs */
73. escape= 'n';
74. break;
75. case '\r':
76. escape= 'r';
77. break;
78. case '\\':
79. escape= '\\';
80. break;
81. case '\'':
82. escape= '\'';
83. break;
84. case '"': /* Better safe than sorry */
85. escape= '"';
86. break;
87. case '\032': /* This gives problems on Win32 */
88. escape= 'Z';
89. break;
90. }
91. if (escape)
92. {
93. if (to + 2 > to_end)
94. {
95. overflow= TRUE;
96. break;
97. }
98. *to++= '\\';
99. *to++= escape;
100. }
101. else
102. {
103. if (to + 1 > to_end)
104. {
105. overflow= TRUE;
106. break;
107. }
108. *to++= *from;
109. }
110. }
111. *to= 0;
112. return overflow ? (ulong)~0 : (ulong) (to - to_start);
113. }
[/code].
NOTE
To maintain compatibility with the old C API, to_length may be 0 to mean
"big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
char escape= 0;
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
If the next character appears to begin a multi-byte character, we
escape that first byte of that apparent multi-byte character. (The
character just looks like a multi-byte character -- if it were actually
a multi-byte character, it would have been passed through in the test
above.)
Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not
a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
*/
if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
escape= *from;
else
#endif
switch (*from) {
case 0: /* Must be escaped for 'mysql' */
escape= '0';
break;
case '\n': /* Must be escaped for logs */
escape= 'n';
break;
case '\r':
escape= 'r';
break;
case '\':
escape= '\';
break;
case '\'':
escape= '\'';
break;
case '"': /* Better safe than sorry */
escape= '"';
break;
case '2': /* This gives problems on Win32 */
escape= 'Z';
break;
}
if (escape)
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\';
*to++= escape;
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].
NOTE
To maintain compatibility with the old C API, to_length may be 0 to mean
"big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
char escape= 0;
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
If the next character appears to begin a multi-byte character, we
escape that first byte of that apparent multi-byte character. (The
character just looks like a multi-byte character -- if it were actually
a multi-byte character, it would have been passed through in the test
above.)
Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not
a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
*/
if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
escape= *from;
else
#endif
switch (*from) {
case 0: /* Must be escaped for 'mysql' */
escape= '0';
break;
case '\n': /* Must be escaped for logs */
escape= 'n';
break;
case '\r':
escape= 'r';
break;
case '\':
escape= '\';
break;
case '\'':
escape= '\'';
break;
case '"': /* Better safe than sorry */
escape= '"';
break;
case '2': /* This gives problems on Win32 */
escape= 'Z';
break;
}
if (escape)
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\';
*to++= escape;
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].
NOTE
To maintain compatibility with the old C API, to_length may be 0 to mean
"big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
char escape= 0;
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
If the next character appears to begin a multi-byte character, we
escape that first byte of that apparent multi-byte character. (The
character just looks like a multi-byte character -- if it were actually
a multi-byte character, it would have been passed through in the test
above.)
Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not
a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
*/
if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
escape= *from;
else
#endif
switch (*from) {
case 0: /* Must be escaped for 'mysql' */
escape= '0';
break;
case '\n': /* Must be escaped for logs */
escape= 'n';
break;
case '\r':
escape= 'r';
break;
case '\':
escape= '\';
break;
case '\'':
escape= '\'';
break;
case '"': /* Better safe than sorry */
escape= '"';
break;
case '2': /* This gives problems on Win32 */
escape= 'Z';
break;
}
if (escape)
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\';
*to++= escape;
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].
NOTE
To maintain compatibility with the old C API, to_length may be 0 to mean
"big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
char escape= 0;
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
If the next character appears to begin a multi-byte character, we
escape that first byte of that apparent multi-byte character. (The
character just looks like a multi-byte character -- if it were actually
a multi-byte character, it would have been passed through in the test
above.)
Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not
a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
*/
if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
escape= *from;
else
#endif
switch (*from) {
case 0: /* Must be escaped for 'mysql' */
escape= '0';
break;
case '\n': /* Must be escaped for logs */
escape= 'n';
break;
case '\r':
escape= 'r';
break;
case '\':
escape= '\';
break;
case '\'':
escape= '\'';
break;
case '"': /* Better safe than sorry */
escape= '"';
break;
case '2': /* This gives problems on Win32 */
escape= 'Z';
break;
}
if (escape)
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\';
*to++= escape;
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].
NOTE
To maintain compatibility with the old C API, to_length may be 0 to mean
"big enough"
RETURN VALUES
~0 The escaped string did not fit in the to buffer
>=0 The length of the escaped string
*/
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
char *to, ulong to_length,
const char *from, ulong length)
{
const char *to_start= to;
const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
my_bool overflow= FALSE;
#ifdef USE_MB
my_bool use_mb_flag= use_mb(charset_info);
#endif
for (end= from + length; from < end; from++)
{
char escape= 0;
#ifdef USE_MB
int tmp_length;
if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
{
if (to + tmp_length > to_end)
{
overflow= TRUE;
break;
}
while (tmp_length--)
*to++= *from++;
from--;
continue;
}
/*
If the next character appears to begin a multi-byte character, we
escape that first byte of that apparent multi-byte character. (The
character just looks like a multi-byte character -- if it were actually
a multi-byte character, it would have been passed through in the test
above.)
Without this check, we can create a problem by converting an invalid
multi-byte character into a valid one. For example, 0xbf27 is not
a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
*/
if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
escape= *from;
else
#endif
switch (*from) {
case 0: /* Must be escaped for 'mysql' */
escape= '0';
break;
case '\n': /* Must be escaped for logs */
escape= 'n';
break;
case '\r':
escape= 'r';
break;
case '\':
escape= '\';
break;
case '\'':
escape= '\'';
break;
case '"': /* Better safe than sorry */
escape= '"';
break;
case '2': /* This gives problems on Win32 */
escape= 'Z';
break;
}
if (escape)
{
if (to + 2 > to_end)
{
overflow= TRUE;
break;
}
*to++= '\';
*to++= escape;
}
else
{
if (to + 1 > to_end)
{
overflow= TRUE;
break;
}
*to++= *from;
}
}
*to= 0;
return overflow ? (ulong)~0 : (ulong) (to - to_start);
}

Strong with this one, the sudo is.

SpooF
٩๏̯͡๏۶
Joined: May 22, 2004
Posts: 3415
Loc: Richland, WA
Status: Offline

May 16th, 2009, 1:24 pm

I would agree, but in essence thats basically what its doing.

#define NULL (::rand() % 2)

joebert
Sledgehammer
Joined: Feb 10, 2004
Posts: 13458
Loc: Florida
Status: Offline

May 16th, 2009, 1:38 pm

I think it was Nas who said, "It's never what you do, but how it's done".

Strong with this one, the sudo is.

dark_lord
Graduate
Joined: Jan 14, 2009
Posts: 162
Loc: India-Kolkata
Status: Offline

May 16th, 2009, 9:43 pm

SpooF wrote:

Any particular reason they are still using PHP 2.2?

i don't know either. It's a NON-IT company and I'm just working on contract basis.

I told them to upgrade but no use.

And Thanks I'll take care of what you guys told, specially about how it is done part!

Wrap Up your Big Url | Mariana World Community

Page 1 of 1

To Reply to this topic you need to LOGIN or REGISTER. It is free.

Post Information

Total Posts in this topic: 11 posts
Users browsing this forum: No registered users and 215 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

custom/replacement function

Post Information

Sponsored Links

Other Languages

Website Development

Graphics

OS & Hardware

Internet Marketing

Marketplace

Community Area

Ozzu Maintenance

Forum Network

Forum Partners

Other Information