custom/replacement function

  • dark_lord
  • Graduate
  • Graduate
  • User avatar
  • Posts: 162
  • Loc: India-Kolkata

Post 3+ Months Ago

well i am working with very low version for a company i.e. PHP 2.2 something which is in PHPtriad!

there we cannot use mysql_real_escape_string() ?

solutions can be
1. Replacement of this?
2. What is there inside that function, so that i can make a custom function?

Anyone?
Thanks in advance!
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

The PHP mysql_real_escape_string is just a wrapper around the MySQL APIs function of the same name.
http://dev.mysql.com/doc/refman/5.0/en/ ... tring.html

Code: [ Select ]
joebert@computer:~/php-5.2.9$ grep -n -r 'PHP_FUNCTION(mysql_real_escape_string)' .
./ext/mysql/php_mysql_structs.h:84:PHP_FUNCTION(mysql_real_escape_string);
./ext/mysql/php_mysql.c:1684:PHP_FUNCTION(mysql_real_escape_string)
joebert@computer:~/php-5.2.9$
  1. joebert@computer:~/php-5.2.9$ grep -n -r 'PHP_FUNCTION(mysql_real_escape_string)' .
  2. ./ext/mysql/php_mysql_structs.h:84:PHP_FUNCTION(mysql_real_escape_string);
  3. ./ext/mysql/php_mysql.c:1684:PHP_FUNCTION(mysql_real_escape_string)
  4. joebert@computer:~/php-5.2.9$



php_mysql.c:1684
Code: [ Select ]
PHP_FUNCTION(mysql_real_escape_string)
{
    zval *mysql_link = NULL;
    char *str;
    char *new_str;
    int id = -1, str_len, new_str_len;
    php_mysql_conn *mysql;
 
 
    if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|r", &str, &str_len, &mysql_link) == FAILURE) {
        return;
    }
 
    if (ZEND_NUM_ARGS() == 1) {
        id = php_mysql_get_default_link(INTERNAL_FUNCTION_PARAM_PASSTHRU);
        CHECK_LINK(id);
    }
 
    ZEND_FETCH_RESOURCE2(mysql, php_mysql_conn *, &mysql_link, id, "MySQL-Link", le_link, le_plink);
 
    new_str = safe_emalloc(str_len, 2, 1);
    new_str_len = mysql_real_escape_string(&mysql->conn, new_str, str, str_len);
    new_str = erealloc(new_str, new_str_len + 1);
 
    RETURN_STRINGL(new_str, new_str_len, 0);
}
  1. PHP_FUNCTION(mysql_real_escape_string)
  2. {
  3.     zval *mysql_link = NULL;
  4.     char *str;
  5.     char *new_str;
  6.     int id = -1, str_len, new_str_len;
  7.     php_mysql_conn *mysql;
  8.  
  9.  
  10.     if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s|r", &str, &str_len, &mysql_link) == FAILURE) {
  11.         return;
  12.     }
  13.  
  14.     if (ZEND_NUM_ARGS() == 1) {
  15.         id = php_mysql_get_default_link(INTERNAL_FUNCTION_PARAM_PASSTHRU);
  16.         CHECK_LINK(id);
  17.     }
  18.  
  19.     ZEND_FETCH_RESOURCE2(mysql, php_mysql_conn *, &mysql_link, id, "MySQL-Link", le_link, le_plink);
  20.  
  21.     new_str = safe_emalloc(str_len, 2, 1);
  22.     new_str_len = mysql_real_escape_string(&mysql->conn, new_str, str, str_len);
  23.     new_str = erealloc(new_str, new_str_len + 1);
  24.  
  25.     RETURN_STRINGL(new_str, new_str_len, 0);
  26. }
  • dark_lord
  • Graduate
  • Graduate
  • User avatar
  • Posts: 162
  • Loc: India-Kolkata

Post 3+ Months Ago

:roll: so, i guess there are no solutions?!
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

Does PHP 2.2 even support extensions ?
The MySQL extension you have doesn't support mysql_real_escape_string ?
Does the server even have MySQL support for PHP in PHP 2.2 ?
Did you read that manual page at MySQL.com ?
Do you have any way to request the character set in use by the MySQL server that wouldn't require you to escape any user input ? (an SQL query maybe)
Have you looked at the MySQL server source code to see if you can find the definition of the mysql_real_escape_string function in there ?
  • dark_lord
  • Graduate
  • Graduate
  • User avatar
  • Posts: 162
  • Loc: India-Kolkata

Post 3+ Months Ago

:shock:
1. probably yes
2. maybe
3. sort of
4. more or less
5. that was a tangent to my head
6. No, i found it bit complicated for me?!

I got the point, I will have to develop a function to validate the user inputs

that's why i was saying, any custom function...
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

PHP.net wrote:
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.


Just build a function that escapes those characters.
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

Any particular reason they are still using PHP 2.2?
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

It's not as simple as escaping certain characters. You have to check configuration values of the MySQL server and also determine which character set is in use so you don't screw up multi-byte characters.

From the MySQL source.

./libmysqld/libmysql.c:1608
Notice how two different functions are called depending on the status of the MySQL server being queried ?
One function doubles up quotes and the other escapes them with backslashes.

Code: [ Select ]
ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}
  1. ulong STDCALL
  2. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  3.              ulong length)
  4. {
  5.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  6.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  7.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  8. }


Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]
/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}
  1. /*
  2.   Escape apostrophes by doubling them up
  3.  
  4.   SYNOPSIS
  5.     escape_quotes_for_mysql()
  6.     charset_info        Charset of the strings
  7.     to                  Buffer for escaped string
  8.     to_length           Length of destination buffer, or 0
  9.     from                The string to escape
  10.     length              The length of the string to escape
  11.  
  12.   DESCRIPTION
  13.     This escapes the contents of a string by doubling up any apostrophes that
  14.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  15.     effect on the server.
  16.  
  17.   NOTE
  18.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  19.     mean "big enough"
  20.  
  21.   RETURN VALUES
  22.     ~0          The escaped string did not fit in the to buffer
  23.     >=0         The length of the escaped string
  24. */
  25.  
  26. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  27.                               char *to, ulong to_length,
  28.                               const char *from, ulong length)
  29. {
  30.   const char *to_start= to;
  31.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  32.   my_bool overflow= FALSE;
  33. #ifdef USE_MB
  34.   my_bool use_mb_flag= use_mb(charset_info);
  35. #endif
  36.   for (end= from + length; from < end; from++)
  37.   {
  38. #ifdef USE_MB
  39.     int tmp_length;
  40.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  41.     {
  42.       if (to + tmp_length > to_end)
  43.       {
  44.         overflow= TRUE;
  45.         break;
  46.       }
  47.       while (tmp_length--)
  48.     *to++= *from++;
  49.       from--;
  50.       continue;
  51.     }
  52.     /*
  53.       We don't have the same issue here with a non-multi-byte character being
  54.       turned into a multi-byte character by the addition of an escaping
  55.       character, because we are only escaping the ' character with itself.
  56.      */
  57. #endif
  58.     if (*from == '\'')
  59.     {
  60.       if (to + 2 > to_end)
  61.       {
  62.         overflow= TRUE;
  63.         break;
  64.       }
  65.       *to++= '\'';
  66.       *to++= '\'';
  67.     }
  68.     else
  69.     {
  70.       if (to + 1 > to_end)
  71.       {
  72.         overflow= TRUE;
  73.         break;
  74.       }
  75.       *to++= *from;
  76.     }
  77.   }
  78.   *to= 0;
  79.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  80. }


./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into
Code: [ Select ]
ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}
  1. ulong STDCALL
  2. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  3.              ulong length)
  4. {
  5.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  6.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  7.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  8. }


Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]
/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}
  1. /*
  2.   Escape apostrophes by doubling them up
  3.  
  4.   SYNOPSIS
  5.     escape_quotes_for_mysql()
  6.     charset_info        Charset of the strings
  7.     to                  Buffer for escaped string
  8.     to_length           Length of destination buffer, or 0
  9.     from                The string to escape
  10.     length              The length of the string to escape
  11.  
  12.   DESCRIPTION
  13.     This escapes the contents of a string by doubling up any apostrophes that
  14.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  15.     effect on the server.
  16.  
  17.   NOTE
  18.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  19.     mean "big enough"
  20.  
  21.   RETURN VALUES
  22.     ~0          The escaped string did not fit in the to buffer
  23.     >=0         The length of the escaped string
  24. */
  25.  
  26. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  27.                               char *to, ulong to_length,
  28.                               const char *from, ulong length)
  29. {
  30.   const char *to_start= to;
  31.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  32.   my_bool overflow= FALSE;
  33. #ifdef USE_MB
  34.   my_bool use_mb_flag= use_mb(charset_info);
  35. #endif
  36.   for (end= from + length; from < end; from++)
  37.   {
  38. #ifdef USE_MB
  39.     int tmp_length;
  40.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  41.     {
  42.       if (to + tmp_length > to_end)
  43.       {
  44.         overflow= TRUE;
  45.         break;
  46.       }
  47.       while (tmp_length--)
  48.     *to++= *from++;
  49.       from--;
  50.       continue;
  51.     }
  52.     /*
  53.       We don't have the same issue here with a non-multi-byte character being
  54.       turned into a multi-byte character by the addition of an escaping
  55.       character, because we are only escaping the ' character with itself.
  56.      */
  57. #endif
  58.     if (*from == '\'')
  59.     {
  60.       if (to + 2 > to_end)
  61.       {
  62.         overflow= TRUE;
  63.         break;
  64.       }
  65.       *to++= '\'';
  66.       *to++= '\'';
  67.     }
  68.     else
  69.     {
  70.       if (to + 1 > to_end)
  71.       {
  72.         overflow= TRUE;
  73.         break;
  74.       }
  75.       *to++= *from;
  76.     }
  77.   }
  78.   *to= 0;
  79.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  80. }


./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into
Code: [ Select ]
ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}
  1. ulong STDCALL
  2. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  3.              ulong length)
  4. {
  5.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  6.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  7.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  8. }


Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]
/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}
  1. /*
  2.   Escape apostrophes by doubling them up
  3.  
  4.   SYNOPSIS
  5.     escape_quotes_for_mysql()
  6.     charset_info        Charset of the strings
  7.     to                  Buffer for escaped string
  8.     to_length           Length of destination buffer, or 0
  9.     from                The string to escape
  10.     length              The length of the string to escape
  11.  
  12.   DESCRIPTION
  13.     This escapes the contents of a string by doubling up any apostrophes that
  14.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  15.     effect on the server.
  16.  
  17.   NOTE
  18.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  19.     mean "big enough"
  20.  
  21.   RETURN VALUES
  22.     ~0          The escaped string did not fit in the to buffer
  23.     >=0         The length of the escaped string
  24. */
  25.  
  26. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  27.                               char *to, ulong to_length,
  28.                               const char *from, ulong length)
  29. {
  30.   const char *to_start= to;
  31.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  32.   my_bool overflow= FALSE;
  33. #ifdef USE_MB
  34.   my_bool use_mb_flag= use_mb(charset_info);
  35. #endif
  36.   for (end= from + length; from < end; from++)
  37.   {
  38. #ifdef USE_MB
  39.     int tmp_length;
  40.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  41.     {
  42.       if (to + tmp_length > to_end)
  43.       {
  44.         overflow= TRUE;
  45.         break;
  46.       }
  47.       while (tmp_length--)
  48.     *to++= *from++;
  49.       from--;
  50.       continue;
  51.     }
  52.     /*
  53.       We don't have the same issue here with a non-multi-byte character being
  54.       turned into a multi-byte character by the addition of an escaping
  55.       character, because we are only escaping the ' character with itself.
  56.      */
  57. #endif
  58.     if (*from == '\'')
  59.     {
  60.       if (to + 2 > to_end)
  61.       {
  62.         overflow= TRUE;
  63.         break;
  64.       }
  65.       *to++= '\'';
  66.       *to++= '\'';
  67.     }
  68.     else
  69.     {
  70.       if (to + 1 > to_end)
  71.       {
  72.         overflow= TRUE;
  73.         break;
  74.       }
  75.       *to++= *from;
  76.     }
  77.   }
  78.   *to= 0;
  79.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  80. }


./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into
Code: [ Select ]
ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}
  1. ulong STDCALL
  2. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  3.              ulong length)
  4. {
  5.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  6.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  7.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  8. }


Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]
/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}
  1. /*
  2.   Escape apostrophes by doubling them up
  3.  
  4.   SYNOPSIS
  5.     escape_quotes_for_mysql()
  6.     charset_info        Charset of the strings
  7.     to                  Buffer for escaped string
  8.     to_length           Length of destination buffer, or 0
  9.     from                The string to escape
  10.     length              The length of the string to escape
  11.  
  12.   DESCRIPTION
  13.     This escapes the contents of a string by doubling up any apostrophes that
  14.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  15.     effect on the server.
  16.  
  17.   NOTE
  18.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  19.     mean "big enough"
  20.  
  21.   RETURN VALUES
  22.     ~0          The escaped string did not fit in the to buffer
  23.     >=0         The length of the escaped string
  24. */
  25.  
  26. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  27.                               char *to, ulong to_length,
  28.                               const char *from, ulong length)
  29. {
  30.   const char *to_start= to;
  31.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  32.   my_bool overflow= FALSE;
  33. #ifdef USE_MB
  34.   my_bool use_mb_flag= use_mb(charset_info);
  35. #endif
  36.   for (end= from + length; from < end; from++)
  37.   {
  38. #ifdef USE_MB
  39.     int tmp_length;
  40.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  41.     {
  42.       if (to + tmp_length > to_end)
  43.       {
  44.         overflow= TRUE;
  45.         break;
  46.       }
  47.       while (tmp_length--)
  48.     *to++= *from++;
  49.       from--;
  50.       continue;
  51.     }
  52.     /*
  53.       We don't have the same issue here with a non-multi-byte character being
  54.       turned into a multi-byte character by the addition of an escaping
  55.       character, because we are only escaping the ' character with itself.
  56.      */
  57. #endif
  58.     if (*from == '\'')
  59.     {
  60.       if (to + 2 > to_end)
  61.       {
  62.         overflow= TRUE;
  63.         break;
  64.       }
  65.       *to++= '\'';
  66.       *to++= '\'';
  67.     }
  68.     else
  69.     {
  70.       if (to + 1 > to_end)
  71.       {
  72.         overflow= TRUE;
  73.         break;
  74.       }
  75.       *to++= *from;
  76.     }
  77.   }
  78.   *to= 0;
  79.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  80. }


./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into
Code: [ Select ]
ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}
  1. ulong STDCALL
  2. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  3.              ulong length)
  4. {
  5.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  6.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  7.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  8. }


Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]
/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}
  1. /*
  2.   Escape apostrophes by doubling them up
  3.  
  4.   SYNOPSIS
  5.     escape_quotes_for_mysql()
  6.     charset_info        Charset of the strings
  7.     to                  Buffer for escaped string
  8.     to_length           Length of destination buffer, or 0
  9.     from                The string to escape
  10.     length              The length of the string to escape
  11.  
  12.   DESCRIPTION
  13.     This escapes the contents of a string by doubling up any apostrophes that
  14.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  15.     effect on the server.
  16.  
  17.   NOTE
  18.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  19.     mean "big enough"
  20.  
  21.   RETURN VALUES
  22.     ~0          The escaped string did not fit in the to buffer
  23.     >=0         The length of the escaped string
  24. */
  25.  
  26. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  27.                               char *to, ulong to_length,
  28.                               const char *from, ulong length)
  29. {
  30.   const char *to_start= to;
  31.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  32.   my_bool overflow= FALSE;
  33. #ifdef USE_MB
  34.   my_bool use_mb_flag= use_mb(charset_info);
  35. #endif
  36.   for (end= from + length; from < end; from++)
  37.   {
  38. #ifdef USE_MB
  39.     int tmp_length;
  40.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  41.     {
  42.       if (to + tmp_length > to_end)
  43.       {
  44.         overflow= TRUE;
  45.         break;
  46.       }
  47.       while (tmp_length--)
  48.     *to++= *from++;
  49.       from--;
  50.       continue;
  51.     }
  52.     /*
  53.       We don't have the same issue here with a non-multi-byte character being
  54.       turned into a multi-byte character by the addition of an escaping
  55.       character, because we are only escaping the ' character with itself.
  56.      */
  57. #endif
  58.     if (*from == '\'')
  59.     {
  60.       if (to + 2 > to_end)
  61.       {
  62.         overflow= TRUE;
  63.         break;
  64.       }
  65.       *to++= '\'';
  66.       *to++= '\'';
  67.     }
  68.     else
  69.     {
  70.       if (to + 1 > to_end)
  71.       {
  72.         overflow= TRUE;
  73.         break;
  74.       }
  75.       *to++= *from;
  76.     }
  77.   }
  78.   *to= 0;
  79.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  80. }


./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into
Code: [ Select ]
ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}
  1. ulong STDCALL
  2. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  3.              ulong length)
  4. {
  5.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  6.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  7.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  8. }


Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

Code: [ Select ]
/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}
  1. /*
  2.   Escape apostrophes by doubling them up
  3.  
  4.   SYNOPSIS
  5.     escape_quotes_for_mysql()
  6.     charset_info        Charset of the strings
  7.     to                  Buffer for escaped string
  8.     to_length           Length of destination buffer, or 0
  9.     from                The string to escape
  10.     length              The length of the string to escape
  11.  
  12.   DESCRIPTION
  13.     This escapes the contents of a string by doubling up any apostrophes that
  14.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  15.     effect on the server.
  16.  
  17.   NOTE
  18.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  19.     mean "big enough"
  20.  
  21.   RETURN VALUES
  22.     ~0          The escaped string did not fit in the to buffer
  23.     >=0         The length of the escaped string
  24. */
  25.  
  26. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  27.                               char *to, ulong to_length,
  28.                               const char *from, ulong length)
  29. {
  30.   const char *to_start= to;
  31.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  32.   my_bool overflow= FALSE;
  33. #ifdef USE_MB
  34.   my_bool use_mb_flag= use_mb(charset_info);
  35. #endif
  36.   for (end= from + length; from < end; from++)
  37.   {
  38. #ifdef USE_MB
  39.     int tmp_length;
  40.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  41.     {
  42.       if (to + tmp_length > to_end)
  43.       {
  44.         overflow= TRUE;
  45.         break;
  46.       }
  47.       while (tmp_length--)
  48.     *to++= *from++;
  49.       from--;
  50.       continue;
  51.     }
  52.     /*
  53.       We don't have the same issue here with a non-multi-byte character being
  54.       turned into a multi-byte character by the addition of an escaping
  55.       character, because we are only escaping the ' character with itself.
  56.      */
  57. #endif
  58.     if (*from == '\'')
  59.     {
  60.       if (to + 2 > to_end)
  61.       {
  62.         overflow= TRUE;
  63.         break;
  64.       }
  65.       *to++= '\'';
  66.       *to++= '\'';
  67.     }
  68.     else
  69.     {
  70.       if (to + 1 > to_end)
  71.       {
  72.         overflow= TRUE;
  73.         break;
  74.       }
  75.       *to++= *from;
  76.     }
  77.   }
  78.   *to= 0;
  79.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  80. }


./mysys/charset.c:618

Code: [ Select ]
/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]/*
  Escape string with backslashes (\)
 
  SYNOPSIS
    escape_string_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by adding backslashes before special
    characters, and turning others into specific escape sequences, such as
    turning newlines into \n and null bytes into [code]ulong STDCALL
mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
             ulong length)
{
  if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
    return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
}[/code]

Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.

./mysys/charset.c:758

[code]/*
  Escape apostrophes by doubling them up
 
  SYNOPSIS
    escape_quotes_for_mysql()
    charset_info        Charset of the strings
    to                  Buffer for escaped string
    to_length           Length of destination buffer, or 0
    from                The string to escape
    length              The length of the string to escape
 
  DESCRIPTION
    This escapes the contents of a string by doubling up any apostrophes that
    it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
    effect on the server.
 
  NOTE
    To be consistent with escape_string_for_mysql(), to_length may be 0 to
    mean "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
      We don't have the same issue here with a non-multi-byte character being
      turned into a multi-byte character by the addition of an escaping
      character, because we are only escaping the ' character with itself.
     */
#endif
    if (*from == '\'')
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\'';
      *to++= '\'';
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code]

./mysys/charset.c:618

[code]
  1. /*
  2.   Escape string with backslashes (\)
  3.  
  4.   SYNOPSIS
  5.     escape_string_for_mysql()
  6.     charset_info        Charset of the strings
  7.     to                  Buffer for escaped string
  8.     to_length           Length of destination buffer, or 0
  9.     from                The string to escape
  10.     length              The length of the string to escape
  11.  
  12.   DESCRIPTION
  13.     This escapes the contents of a string by adding backslashes before special
  14.     characters, and turning others into specific escape sequences, such as
  15.     turning newlines into \n and null bytes into \0.
  16.  
  17.   NOTE
  18.     To maintain compatibility with the old C API, to_length may be 0 to mean
  19.     "big enough"
  20.  
  21.   RETURN VALUES
  22.     ~0          The escaped string did not fit in the to buffer
  23.     >=0         The length of the escaped string
  24. */
  25.  
  26. ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
  27.                               char *to, ulong to_length,
  28.                               const char *from, ulong length)
  29. {
  30.   const char *to_start= to;
  31.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  32.   my_bool overflow= FALSE;
  33. #ifdef USE_MB
  34.   my_bool use_mb_flag= use_mb(charset_info);
  35. #endif
  36.   for (end= from + length; from < end; from++)
  37.   {
  38.     char escape= 0;
  39. #ifdef USE_MB
  40.     int tmp_length;
  41.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  42.     {
  43.       if (to + tmp_length > to_end)
  44.       {
  45.         overflow= TRUE;
  46.         break;
  47.       }
  48.       while (tmp_length--)
  49.     *to++= *from++;
  50.       from--;
  51.       continue;
  52.     }
  53.     /*
  54.      If the next character appears to begin a multi-byte character, we
  55.      escape that first byte of that apparent multi-byte character. (The
  56.      character just looks like a multi-byte character -- if it were actually
  57.      a multi-byte character, it would have been passed through in the test
  58.      above.)
  59.  
  60.      Without this check, we can create a problem by converting an invalid
  61.      multi-byte character into a valid one. For example, 0xbf27 is not
  62.      a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
  63.     */
  64.     if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
  65.       escape= *from;
  66.     else
  67. #endif
  68.     switch (*from) {
  69.     case 0:             /* Must be escaped for 'mysql' */
  70.       escape= '0';
  71.       break;
  72.     case '\n':              /* Must be escaped for logs */
  73.       escape= 'n';
  74.       break;
  75.     case '\r':
  76.       escape= 'r';
  77.       break;
  78.     case '\\':
  79.       escape= '\\';
  80.       break;
  81.     case '\'':
  82.       escape= '\'';
  83.       break;
  84.     case '"':               /* Better safe than sorry */
  85.       escape= '"';
  86.       break;
  87.     case '\032':            /* This gives problems on Win32 */
  88.       escape= 'Z';
  89.       break;
  90.     }
  91.     if (escape)
  92.     {
  93.       if (to + 2 > to_end)
  94.       {
  95.         overflow= TRUE;
  96.         break;
  97.       }
  98.       *to++= '\\';
  99.       *to++= escape;
  100.     }
  101.     else
  102.     {
  103.       if (to + 1 > to_end)
  104.       {
  105.         overflow= TRUE;
  106.         break;
  107.       }
  108.       *to++= *from;
  109.     }
  110.   }
  111.   *to= 0;
  112.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  113. }
[/code].
 
  NOTE
    To maintain compatibility with the old C API, to_length may be 0 to mean
    "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
    char escape= 0;
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
     If the next character appears to begin a multi-byte character, we
     escape that first byte of that apparent multi-byte character. (The
     character just looks like a multi-byte character -- if it were actually
     a multi-byte character, it would have been passed through in the test
     above.)
 
     Without this check, we can create a problem by converting an invalid
     multi-byte character into a valid one. For example, 0xbf27 is not
     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
    */
    if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
      escape= *from;
    else
#endif
    switch (*from) {
    case 0:             /* Must be escaped for 'mysql' */
      escape= '0';
      break;
    case '\n':              /* Must be escaped for logs */
      escape= 'n';
      break;
    case '\r':
      escape= 'r';
      break;
    case '\':
      escape= '\';
      break;
    case '\'':
      escape= '\'';
      break;
    case '"':               /* Better safe than sorry */
      escape= '"';
      break;
    case '2':            /* This gives problems on Win32 */
      escape= 'Z';
      break;
    }
    if (escape)
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\';
      *to++= escape;
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].
 
  NOTE
    To maintain compatibility with the old C API, to_length may be 0 to mean
    "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
    char escape= 0;
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
     If the next character appears to begin a multi-byte character, we
     escape that first byte of that apparent multi-byte character. (The
     character just looks like a multi-byte character -- if it were actually
     a multi-byte character, it would have been passed through in the test
     above.)
 
     Without this check, we can create a problem by converting an invalid
     multi-byte character into a valid one. For example, 0xbf27 is not
     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
    */
    if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
      escape= *from;
    else
#endif
    switch (*from) {
    case 0:             /* Must be escaped for 'mysql' */
      escape= '0';
      break;
    case '\n':              /* Must be escaped for logs */
      escape= 'n';
      break;
    case '\r':
      escape= 'r';
      break;
    case '\':
      escape= '\';
      break;
    case '\'':
      escape= '\'';
      break;
    case '"':               /* Better safe than sorry */
      escape= '"';
      break;
    case '2':            /* This gives problems on Win32 */
      escape= 'Z';
      break;
    }
    if (escape)
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\';
      *to++= escape;
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].
 
  NOTE
    To maintain compatibility with the old C API, to_length may be 0 to mean
    "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
    char escape= 0;
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
     If the next character appears to begin a multi-byte character, we
     escape that first byte of that apparent multi-byte character. (The
     character just looks like a multi-byte character -- if it were actually
     a multi-byte character, it would have been passed through in the test
     above.)
 
     Without this check, we can create a problem by converting an invalid
     multi-byte character into a valid one. For example, 0xbf27 is not
     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
    */
    if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
      escape= *from;
    else
#endif
    switch (*from) {
    case 0:             /* Must be escaped for 'mysql' */
      escape= '0';
      break;
    case '\n':              /* Must be escaped for logs */
      escape= 'n';
      break;
    case '\r':
      escape= 'r';
      break;
    case '\':
      escape= '\';
      break;
    case '\'':
      escape= '\'';
      break;
    case '"':               /* Better safe than sorry */
      escape= '"';
      break;
    case '2':            /* This gives problems on Win32 */
      escape= 'Z';
      break;
    }
    if (escape)
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\';
      *to++= escape;
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].
 
  NOTE
    To maintain compatibility with the old C API, to_length may be 0 to mean
    "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
    char escape= 0;
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
     If the next character appears to begin a multi-byte character, we
     escape that first byte of that apparent multi-byte character. (The
     character just looks like a multi-byte character -- if it were actually
     a multi-byte character, it would have been passed through in the test
     above.)
 
     Without this check, we can create a problem by converting an invalid
     multi-byte character into a valid one. For example, 0xbf27 is not
     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
    */
    if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
      escape= *from;
    else
#endif
    switch (*from) {
    case 0:             /* Must be escaped for 'mysql' */
      escape= '0';
      break;
    case '\n':              /* Must be escaped for logs */
      escape= 'n';
      break;
    case '\r':
      escape= 'r';
      break;
    case '\':
      escape= '\';
      break;
    case '\'':
      escape= '\'';
      break;
    case '"':               /* Better safe than sorry */
      escape= '"';
      break;
    case '2':            /* This gives problems on Win32 */
      escape= 'Z';
      break;
    }
    if (escape)
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\';
      *to++= escape;
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}[/code].
 
  NOTE
    To maintain compatibility with the old C API, to_length may be 0 to mean
    "big enough"
 
  RETURN VALUES
    ~0          The escaped string did not fit in the to buffer
    >=0         The length of the escaped string
*/
 
ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
                              char *to, ulong to_length,
                              const char *from, ulong length)
{
  const char *to_start= to;
  const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  my_bool overflow= FALSE;
#ifdef USE_MB
  my_bool use_mb_flag= use_mb(charset_info);
#endif
  for (end= from + length; from < end; from++)
  {
    char escape= 0;
#ifdef USE_MB
    int tmp_length;
    if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    {
      if (to + tmp_length > to_end)
      {
        overflow= TRUE;
        break;
      }
      while (tmp_length--)
    *to++= *from++;
      from--;
      continue;
    }
    /*
     If the next character appears to begin a multi-byte character, we
     escape that first byte of that apparent multi-byte character. (The
     character just looks like a multi-byte character -- if it were actually
     a multi-byte character, it would have been passed through in the test
     above.)
 
     Without this check, we can create a problem by converting an invalid
     multi-byte character into a valid one. For example, 0xbf27 is not
     a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
    */
    if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
      escape= *from;
    else
#endif
    switch (*from) {
    case 0:             /* Must be escaped for 'mysql' */
      escape= '0';
      break;
    case '\n':              /* Must be escaped for logs */
      escape= 'n';
      break;
    case '\r':
      escape= 'r';
      break;
    case '\':
      escape= '\';
      break;
    case '\'':
      escape= '\'';
      break;
    case '"':               /* Better safe than sorry */
      escape= '"';
      break;
    case '2':            /* This gives problems on Win32 */
      escape= 'Z';
      break;
    }
    if (escape)
    {
      if (to + 2 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= '\';
      *to++= escape;
    }
    else
    {
      if (to + 1 > to_end)
      {
        overflow= TRUE;
        break;
      }
      *to++= *from;
    }
  }
  *to= 0;
  return overflow ? (ulong)~0 : (ulong) (to - to_start);
}
  1. /*
  2.   Escape string with backslashes (\)
  3.  
  4.   SYNOPSIS
  5.     escape_string_for_mysql()
  6.     charset_info        Charset of the strings
  7.     to                  Buffer for escaped string
  8.     to_length           Length of destination buffer, or 0
  9.     from                The string to escape
  10.     length              The length of the string to escape
  11.  
  12.   DESCRIPTION
  13.     This escapes the contents of a string by adding backslashes before special
  14.     characters, and turning others into specific escape sequences, such as
  15.     turning newlines into \n and null bytes into [code]ulong STDCALL
  16. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  17.              ulong length)
  18. {
  19.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  20.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  21.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  22. }[/code]
  23. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  24. ./mysys/charset.c:758
  25. [code]/*
  26.   Escape apostrophes by doubling them up
  27.  
  28.   SYNOPSIS
  29.     escape_quotes_for_mysql()
  30.     charset_info        Charset of the strings
  31.     to                  Buffer for escaped string
  32.     to_length           Length of destination buffer, or 0
  33.     from                The string to escape
  34.     length              The length of the string to escape
  35.  
  36.   DESCRIPTION
  37.     This escapes the contents of a string by doubling up any apostrophes that
  38.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  39.     effect on the server.
  40.  
  41.   NOTE
  42.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  43.     mean "big enough"
  44.  
  45.   RETURN VALUES
  46.     ~0          The escaped string did not fit in the to buffer
  47.     >=0         The length of the escaped string
  48. */
  49.  
  50. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  51.                               char *to, ulong to_length,
  52.                               const char *from, ulong length)
  53. {
  54.   const char *to_start= to;
  55.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  56.   my_bool overflow= FALSE;
  57. #ifdef USE_MB
  58.   my_bool use_mb_flag= use_mb(charset_info);
  59. #endif
  60.   for (end= from + length; from < end; from++)
  61.   {
  62. #ifdef USE_MB
  63.     int tmp_length;
  64.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  65.     {
  66.       if (to + tmp_length > to_end)
  67.       {
  68.         overflow= TRUE;
  69.         break;
  70.       }
  71.       while (tmp_length--)
  72.     *to++= *from++;
  73.       from--;
  74.       continue;
  75.     }
  76.     /*
  77.       We don't have the same issue here with a non-multi-byte character being
  78.       turned into a multi-byte character by the addition of an escaping
  79.       character, because we are only escaping the ' character with itself.
  80.      */
  81. #endif
  82.     if (*from == '\'')
  83.     {
  84.       if (to + 2 > to_end)
  85.       {
  86.         overflow= TRUE;
  87.         break;
  88.       }
  89.       *to++= '\'';
  90.       *to++= '\'';
  91.     }
  92.     else
  93.     {
  94.       if (to + 1 > to_end)
  95.       {
  96.         overflow= TRUE;
  97.         break;
  98.       }
  99.       *to++= *from;
  100.     }
  101.   }
  102.   *to= 0;
  103.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  104. }[/code]
  105. ./mysys/charset.c:618
  106. [code]/*
  107.   Escape string with backslashes (\)
  108.  
  109.   SYNOPSIS
  110.     escape_string_for_mysql()
  111.     charset_info        Charset of the strings
  112.     to                  Buffer for escaped string
  113.     to_length           Length of destination buffer, or 0
  114.     from                The string to escape
  115.     length              The length of the string to escape
  116.  
  117.   DESCRIPTION
  118.     This escapes the contents of a string by adding backslashes before special
  119.     characters, and turning others into specific escape sequences, such as
  120.     turning newlines into \n and null bytes into [code]ulong STDCALL
  121. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  122.              ulong length)
  123. {
  124.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  125.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  126.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  127. }[/code]
  128. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  129. ./mysys/charset.c:758
  130. [code]/*
  131.   Escape apostrophes by doubling them up
  132.  
  133.   SYNOPSIS
  134.     escape_quotes_for_mysql()
  135.     charset_info        Charset of the strings
  136.     to                  Buffer for escaped string
  137.     to_length           Length of destination buffer, or 0
  138.     from                The string to escape
  139.     length              The length of the string to escape
  140.  
  141.   DESCRIPTION
  142.     This escapes the contents of a string by doubling up any apostrophes that
  143.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  144.     effect on the server.
  145.  
  146.   NOTE
  147.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  148.     mean "big enough"
  149.  
  150.   RETURN VALUES
  151.     ~0          The escaped string did not fit in the to buffer
  152.     >=0         The length of the escaped string
  153. */
  154.  
  155. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  156.                               char *to, ulong to_length,
  157.                               const char *from, ulong length)
  158. {
  159.   const char *to_start= to;
  160.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  161.   my_bool overflow= FALSE;
  162. #ifdef USE_MB
  163.   my_bool use_mb_flag= use_mb(charset_info);
  164. #endif
  165.   for (end= from + length; from < end; from++)
  166.   {
  167. #ifdef USE_MB
  168.     int tmp_length;
  169.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  170.     {
  171.       if (to + tmp_length > to_end)
  172.       {
  173.         overflow= TRUE;
  174.         break;
  175.       }
  176.       while (tmp_length--)
  177.     *to++= *from++;
  178.       from--;
  179.       continue;
  180.     }
  181.     /*
  182.       We don't have the same issue here with a non-multi-byte character being
  183.       turned into a multi-byte character by the addition of an escaping
  184.       character, because we are only escaping the ' character with itself.
  185.      */
  186. #endif
  187.     if (*from == '\'')
  188.     {
  189.       if (to + 2 > to_end)
  190.       {
  191.         overflow= TRUE;
  192.         break;
  193.       }
  194.       *to++= '\'';
  195.       *to++= '\'';
  196.     }
  197.     else
  198.     {
  199.       if (to + 1 > to_end)
  200.       {
  201.         overflow= TRUE;
  202.         break;
  203.       }
  204.       *to++= *from;
  205.     }
  206.   }
  207.   *to= 0;
  208.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  209. }[/code]
  210. ./mysys/charset.c:618
  211. [code]/*
  212.   Escape string with backslashes (\)
  213.  
  214.   SYNOPSIS
  215.     escape_string_for_mysql()
  216.     charset_info        Charset of the strings
  217.     to                  Buffer for escaped string
  218.     to_length           Length of destination buffer, or 0
  219.     from                The string to escape
  220.     length              The length of the string to escape
  221.  
  222.   DESCRIPTION
  223.     This escapes the contents of a string by adding backslashes before special
  224.     characters, and turning others into specific escape sequences, such as
  225.     turning newlines into \n and null bytes into [code]ulong STDCALL
  226. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  227.              ulong length)
  228. {
  229.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  230.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  231.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  232. }[/code]
  233. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  234. ./mysys/charset.c:758
  235. [code]/*
  236.   Escape apostrophes by doubling them up
  237.  
  238.   SYNOPSIS
  239.     escape_quotes_for_mysql()
  240.     charset_info        Charset of the strings
  241.     to                  Buffer for escaped string
  242.     to_length           Length of destination buffer, or 0
  243.     from                The string to escape
  244.     length              The length of the string to escape
  245.  
  246.   DESCRIPTION
  247.     This escapes the contents of a string by doubling up any apostrophes that
  248.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  249.     effect on the server.
  250.  
  251.   NOTE
  252.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  253.     mean "big enough"
  254.  
  255.   RETURN VALUES
  256.     ~0          The escaped string did not fit in the to buffer
  257.     >=0         The length of the escaped string
  258. */
  259.  
  260. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  261.                               char *to, ulong to_length,
  262.                               const char *from, ulong length)
  263. {
  264.   const char *to_start= to;
  265.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  266.   my_bool overflow= FALSE;
  267. #ifdef USE_MB
  268.   my_bool use_mb_flag= use_mb(charset_info);
  269. #endif
  270.   for (end= from + length; from < end; from++)
  271.   {
  272. #ifdef USE_MB
  273.     int tmp_length;
  274.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  275.     {
  276.       if (to + tmp_length > to_end)
  277.       {
  278.         overflow= TRUE;
  279.         break;
  280.       }
  281.       while (tmp_length--)
  282.     *to++= *from++;
  283.       from--;
  284.       continue;
  285.     }
  286.     /*
  287.       We don't have the same issue here with a non-multi-byte character being
  288.       turned into a multi-byte character by the addition of an escaping
  289.       character, because we are only escaping the ' character with itself.
  290.      */
  291. #endif
  292.     if (*from == '\'')
  293.     {
  294.       if (to + 2 > to_end)
  295.       {
  296.         overflow= TRUE;
  297.         break;
  298.       }
  299.       *to++= '\'';
  300.       *to++= '\'';
  301.     }
  302.     else
  303.     {
  304.       if (to + 1 > to_end)
  305.       {
  306.         overflow= TRUE;
  307.         break;
  308.       }
  309.       *to++= *from;
  310.     }
  311.   }
  312.   *to= 0;
  313.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  314. }[/code]
  315. ./mysys/charset.c:618
  316. [code]/*
  317.   Escape string with backslashes (\)
  318.  
  319.   SYNOPSIS
  320.     escape_string_for_mysql()
  321.     charset_info        Charset of the strings
  322.     to                  Buffer for escaped string
  323.     to_length           Length of destination buffer, or 0
  324.     from                The string to escape
  325.     length              The length of the string to escape
  326.  
  327.   DESCRIPTION
  328.     This escapes the contents of a string by adding backslashes before special
  329.     characters, and turning others into specific escape sequences, such as
  330.     turning newlines into \n and null bytes into [code]ulong STDCALL
  331. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  332.              ulong length)
  333. {
  334.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  335.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  336.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  337. }[/code]
  338. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  339. ./mysys/charset.c:758
  340. [code]/*
  341.   Escape apostrophes by doubling them up
  342.  
  343.   SYNOPSIS
  344.     escape_quotes_for_mysql()
  345.     charset_info        Charset of the strings
  346.     to                  Buffer for escaped string
  347.     to_length           Length of destination buffer, or 0
  348.     from                The string to escape
  349.     length              The length of the string to escape
  350.  
  351.   DESCRIPTION
  352.     This escapes the contents of a string by doubling up any apostrophes that
  353.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  354.     effect on the server.
  355.  
  356.   NOTE
  357.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  358.     mean "big enough"
  359.  
  360.   RETURN VALUES
  361.     ~0          The escaped string did not fit in the to buffer
  362.     >=0         The length of the escaped string
  363. */
  364.  
  365. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  366.                               char *to, ulong to_length,
  367.                               const char *from, ulong length)
  368. {
  369.   const char *to_start= to;
  370.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  371.   my_bool overflow= FALSE;
  372. #ifdef USE_MB
  373.   my_bool use_mb_flag= use_mb(charset_info);
  374. #endif
  375.   for (end= from + length; from < end; from++)
  376.   {
  377. #ifdef USE_MB
  378.     int tmp_length;
  379.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  380.     {
  381.       if (to + tmp_length > to_end)
  382.       {
  383.         overflow= TRUE;
  384.         break;
  385.       }
  386.       while (tmp_length--)
  387.     *to++= *from++;
  388.       from--;
  389.       continue;
  390.     }
  391.     /*
  392.       We don't have the same issue here with a non-multi-byte character being
  393.       turned into a multi-byte character by the addition of an escaping
  394.       character, because we are only escaping the ' character with itself.
  395.      */
  396. #endif
  397.     if (*from == '\'')
  398.     {
  399.       if (to + 2 > to_end)
  400.       {
  401.         overflow= TRUE;
  402.         break;
  403.       }
  404.       *to++= '\'';
  405.       *to++= '\'';
  406.     }
  407.     else
  408.     {
  409.       if (to + 1 > to_end)
  410.       {
  411.         overflow= TRUE;
  412.         break;
  413.       }
  414.       *to++= *from;
  415.     }
  416.   }
  417.   *to= 0;
  418.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  419. }[/code]
  420. ./mysys/charset.c:618
  421. [code]/*
  422.   Escape string with backslashes (\)
  423.  
  424.   SYNOPSIS
  425.     escape_string_for_mysql()
  426.     charset_info        Charset of the strings
  427.     to                  Buffer for escaped string
  428.     to_length           Length of destination buffer, or 0
  429.     from                The string to escape
  430.     length              The length of the string to escape
  431.  
  432.   DESCRIPTION
  433.     This escapes the contents of a string by adding backslashes before special
  434.     characters, and turning others into specific escape sequences, such as
  435.     turning newlines into \n and null bytes into [code]ulong STDCALL
  436. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  437.              ulong length)
  438. {
  439.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  440.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  441.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  442. }[/code]
  443. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  444. ./mysys/charset.c:758
  445. [code]/*
  446.   Escape apostrophes by doubling them up
  447.  
  448.   SYNOPSIS
  449.     escape_quotes_for_mysql()
  450.     charset_info        Charset of the strings
  451.     to                  Buffer for escaped string
  452.     to_length           Length of destination buffer, or 0
  453.     from                The string to escape
  454.     length              The length of the string to escape
  455.  
  456.   DESCRIPTION
  457.     This escapes the contents of a string by doubling up any apostrophes that
  458.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  459.     effect on the server.
  460.  
  461.   NOTE
  462.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  463.     mean "big enough"
  464.  
  465.   RETURN VALUES
  466.     ~0          The escaped string did not fit in the to buffer
  467.     >=0         The length of the escaped string
  468. */
  469.  
  470. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  471.                               char *to, ulong to_length,
  472.                               const char *from, ulong length)
  473. {
  474.   const char *to_start= to;
  475.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  476.   my_bool overflow= FALSE;
  477. #ifdef USE_MB
  478.   my_bool use_mb_flag= use_mb(charset_info);
  479. #endif
  480.   for (end= from + length; from < end; from++)
  481.   {
  482. #ifdef USE_MB
  483.     int tmp_length;
  484.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  485.     {
  486.       if (to + tmp_length > to_end)
  487.       {
  488.         overflow= TRUE;
  489.         break;
  490.       }
  491.       while (tmp_length--)
  492.     *to++= *from++;
  493.       from--;
  494.       continue;
  495.     }
  496.     /*
  497.       We don't have the same issue here with a non-multi-byte character being
  498.       turned into a multi-byte character by the addition of an escaping
  499.       character, because we are only escaping the ' character with itself.
  500.      */
  501. #endif
  502.     if (*from == '\'')
  503.     {
  504.       if (to + 2 > to_end)
  505.       {
  506.         overflow= TRUE;
  507.         break;
  508.       }
  509.       *to++= '\'';
  510.       *to++= '\'';
  511.     }
  512.     else
  513.     {
  514.       if (to + 1 > to_end)
  515.       {
  516.         overflow= TRUE;
  517.         break;
  518.       }
  519.       *to++= *from;
  520.     }
  521.   }
  522.   *to= 0;
  523.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  524. }[/code]
  525. ./mysys/charset.c:618
  526. [code]/*
  527.   Escape string with backslashes (\)
  528.  
  529.   SYNOPSIS
  530.     escape_string_for_mysql()
  531.     charset_info        Charset of the strings
  532.     to                  Buffer for escaped string
  533.     to_length           Length of destination buffer, or 0
  534.     from                The string to escape
  535.     length              The length of the string to escape
  536.  
  537.   DESCRIPTION
  538.     This escapes the contents of a string by adding backslashes before special
  539.     characters, and turning others into specific escape sequences, such as
  540.     turning newlines into \n and null bytes into [code]ulong STDCALL
  541. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  542.              ulong length)
  543. {
  544.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  545.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  546.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  547. }[/code]
  548. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  549. ./mysys/charset.c:758
  550. [code]/*
  551.   Escape apostrophes by doubling them up
  552.  
  553.   SYNOPSIS
  554.     escape_quotes_for_mysql()
  555.     charset_info        Charset of the strings
  556.     to                  Buffer for escaped string
  557.     to_length           Length of destination buffer, or 0
  558.     from                The string to escape
  559.     length              The length of the string to escape
  560.  
  561.   DESCRIPTION
  562.     This escapes the contents of a string by doubling up any apostrophes that
  563.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  564.     effect on the server.
  565.  
  566.   NOTE
  567.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  568.     mean "big enough"
  569.  
  570.   RETURN VALUES
  571.     ~0          The escaped string did not fit in the to buffer
  572.     >=0         The length of the escaped string
  573. */
  574.  
  575. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  576.                               char *to, ulong to_length,
  577.                               const char *from, ulong length)
  578. {
  579.   const char *to_start= to;
  580.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  581.   my_bool overflow= FALSE;
  582. #ifdef USE_MB
  583.   my_bool use_mb_flag= use_mb(charset_info);
  584. #endif
  585.   for (end= from + length; from < end; from++)
  586.   {
  587. #ifdef USE_MB
  588.     int tmp_length;
  589.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  590.     {
  591.       if (to + tmp_length > to_end)
  592.       {
  593.         overflow= TRUE;
  594.         break;
  595.       }
  596.       while (tmp_length--)
  597.     *to++= *from++;
  598.       from--;
  599.       continue;
  600.     }
  601.     /*
  602.       We don't have the same issue here with a non-multi-byte character being
  603.       turned into a multi-byte character by the addition of an escaping
  604.       character, because we are only escaping the ' character with itself.
  605.      */
  606. #endif
  607.     if (*from == '\'')
  608.     {
  609.       if (to + 2 > to_end)
  610.       {
  611.         overflow= TRUE;
  612.         break;
  613.       }
  614.       *to++= '\'';
  615.       *to++= '\'';
  616.     }
  617.     else
  618.     {
  619.       if (to + 1 > to_end)
  620.       {
  621.         overflow= TRUE;
  622.         break;
  623.       }
  624.       *to++= *from;
  625.     }
  626.   }
  627.   *to= 0;
  628.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  629. }[/code]
  630. ./mysys/charset.c:618
  631. [code]/*
  632.   Escape string with backslashes (\)
  633.  
  634.   SYNOPSIS
  635.     escape_string_for_mysql()
  636.     charset_info        Charset of the strings
  637.     to                  Buffer for escaped string
  638.     to_length           Length of destination buffer, or 0
  639.     from                The string to escape
  640.     length              The length of the string to escape
  641.  
  642.   DESCRIPTION
  643.     This escapes the contents of a string by adding backslashes before special
  644.     characters, and turning others into specific escape sequences, such as
  645.     turning newlines into \n and null bytes into [code]ulong STDCALL
  646. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  647.              ulong length)
  648. {
  649.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  650.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  651.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  652. }[/code]
  653. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  654. ./mysys/charset.c:758
  655. [code]/*
  656.   Escape apostrophes by doubling them up
  657.  
  658.   SYNOPSIS
  659.     escape_quotes_for_mysql()
  660.     charset_info        Charset of the strings
  661.     to                  Buffer for escaped string
  662.     to_length           Length of destination buffer, or 0
  663.     from                The string to escape
  664.     length              The length of the string to escape
  665.  
  666.   DESCRIPTION
  667.     This escapes the contents of a string by doubling up any apostrophes that
  668.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  669.     effect on the server.
  670.  
  671.   NOTE
  672.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  673.     mean "big enough"
  674.  
  675.   RETURN VALUES
  676.     ~0          The escaped string did not fit in the to buffer
  677.     >=0         The length of the escaped string
  678. */
  679.  
  680. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  681.                               char *to, ulong to_length,
  682.                               const char *from, ulong length)
  683. {
  684.   const char *to_start= to;
  685.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  686.   my_bool overflow= FALSE;
  687. #ifdef USE_MB
  688.   my_bool use_mb_flag= use_mb(charset_info);
  689. #endif
  690.   for (end= from + length; from < end; from++)
  691.   {
  692. #ifdef USE_MB
  693.     int tmp_length;
  694.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  695.     {
  696.       if (to + tmp_length > to_end)
  697.       {
  698.         overflow= TRUE;
  699.         break;
  700.       }
  701.       while (tmp_length--)
  702.     *to++= *from++;
  703.       from--;
  704.       continue;
  705.     }
  706.     /*
  707.       We don't have the same issue here with a non-multi-byte character being
  708.       turned into a multi-byte character by the addition of an escaping
  709.       character, because we are only escaping the ' character with itself.
  710.      */
  711. #endif
  712.     if (*from == '\'')
  713.     {
  714.       if (to + 2 > to_end)
  715.       {
  716.         overflow= TRUE;
  717.         break;
  718.       }
  719.       *to++= '\'';
  720.       *to++= '\'';
  721.     }
  722.     else
  723.     {
  724.       if (to + 1 > to_end)
  725.       {
  726.         overflow= TRUE;
  727.         break;
  728.       }
  729.       *to++= *from;
  730.     }
  731.   }
  732.   *to= 0;
  733.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  734. }[/code]
  735. ./mysys/charset.c:618
  736. [code]/*
  737.   Escape string with backslashes (\)
  738.  
  739.   SYNOPSIS
  740.     escape_string_for_mysql()
  741.     charset_info        Charset of the strings
  742.     to                  Buffer for escaped string
  743.     to_length           Length of destination buffer, or 0
  744.     from                The string to escape
  745.     length              The length of the string to escape
  746.  
  747.   DESCRIPTION
  748.     This escapes the contents of a string by adding backslashes before special
  749.     characters, and turning others into specific escape sequences, such as
  750.     turning newlines into \n and null bytes into [code]ulong STDCALL
  751. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  752.              ulong length)
  753. {
  754.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  755.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  756.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  757. }[/code]
  758. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  759. ./mysys/charset.c:758
  760. [code]/*
  761.   Escape apostrophes by doubling them up
  762.  
  763.   SYNOPSIS
  764.     escape_quotes_for_mysql()
  765.     charset_info        Charset of the strings
  766.     to                  Buffer for escaped string
  767.     to_length           Length of destination buffer, or 0
  768.     from                The string to escape
  769.     length              The length of the string to escape
  770.  
  771.   DESCRIPTION
  772.     This escapes the contents of a string by doubling up any apostrophes that
  773.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  774.     effect on the server.
  775.  
  776.   NOTE
  777.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  778.     mean "big enough"
  779.  
  780.   RETURN VALUES
  781.     ~0          The escaped string did not fit in the to buffer
  782.     >=0         The length of the escaped string
  783. */
  784.  
  785. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  786.                               char *to, ulong to_length,
  787.                               const char *from, ulong length)
  788. {
  789.   const char *to_start= to;
  790.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  791.   my_bool overflow= FALSE;
  792. #ifdef USE_MB
  793.   my_bool use_mb_flag= use_mb(charset_info);
  794. #endif
  795.   for (end= from + length; from < end; from++)
  796.   {
  797. #ifdef USE_MB
  798.     int tmp_length;
  799.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  800.     {
  801.       if (to + tmp_length > to_end)
  802.       {
  803.         overflow= TRUE;
  804.         break;
  805.       }
  806.       while (tmp_length--)
  807.     *to++= *from++;
  808.       from--;
  809.       continue;
  810.     }
  811.     /*
  812.       We don't have the same issue here with a non-multi-byte character being
  813.       turned into a multi-byte character by the addition of an escaping
  814.       character, because we are only escaping the ' character with itself.
  815.      */
  816. #endif
  817.     if (*from == '\'')
  818.     {
  819.       if (to + 2 > to_end)
  820.       {
  821.         overflow= TRUE;
  822.         break;
  823.       }
  824.       *to++= '\'';
  825.       *to++= '\'';
  826.     }
  827.     else
  828.     {
  829.       if (to + 1 > to_end)
  830.       {
  831.         overflow= TRUE;
  832.         break;
  833.       }
  834.       *to++= *from;
  835.     }
  836.   }
  837.   *to= 0;
  838.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  839. }[/code]
  840. ./mysys/charset.c:618
  841. [code]/*
  842.   Escape string with backslashes (\)
  843.  
  844.   SYNOPSIS
  845.     escape_string_for_mysql()
  846.     charset_info        Charset of the strings
  847.     to                  Buffer for escaped string
  848.     to_length           Length of destination buffer, or 0
  849.     from                The string to escape
  850.     length              The length of the string to escape
  851.  
  852.   DESCRIPTION
  853.     This escapes the contents of a string by adding backslashes before special
  854.     characters, and turning others into specific escape sequences, such as
  855.     turning newlines into \n and null bytes into [code]ulong STDCALL
  856. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  857.              ulong length)
  858. {
  859.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  860.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  861.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  862. }[/code]
  863. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  864. ./mysys/charset.c:758
  865. [code]/*
  866.   Escape apostrophes by doubling them up
  867.  
  868.   SYNOPSIS
  869.     escape_quotes_for_mysql()
  870.     charset_info        Charset of the strings
  871.     to                  Buffer for escaped string
  872.     to_length           Length of destination buffer, or 0
  873.     from                The string to escape
  874.     length              The length of the string to escape
  875.  
  876.   DESCRIPTION
  877.     This escapes the contents of a string by doubling up any apostrophes that
  878.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  879.     effect on the server.
  880.  
  881.   NOTE
  882.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  883.     mean "big enough"
  884.  
  885.   RETURN VALUES
  886.     ~0          The escaped string did not fit in the to buffer
  887.     >=0         The length of the escaped string
  888. */
  889.  
  890. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  891.                               char *to, ulong to_length,
  892.                               const char *from, ulong length)
  893. {
  894.   const char *to_start= to;
  895.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  896.   my_bool overflow= FALSE;
  897. #ifdef USE_MB
  898.   my_bool use_mb_flag= use_mb(charset_info);
  899. #endif
  900.   for (end= from + length; from < end; from++)
  901.   {
  902. #ifdef USE_MB
  903.     int tmp_length;
  904.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  905.     {
  906.       if (to + tmp_length > to_end)
  907.       {
  908.         overflow= TRUE;
  909.         break;
  910.       }
  911.       while (tmp_length--)
  912.     *to++= *from++;
  913.       from--;
  914.       continue;
  915.     }
  916.     /*
  917.       We don't have the same issue here with a non-multi-byte character being
  918.       turned into a multi-byte character by the addition of an escaping
  919.       character, because we are only escaping the ' character with itself.
  920.      */
  921. #endif
  922.     if (*from == '\'')
  923.     {
  924.       if (to + 2 > to_end)
  925.       {
  926.         overflow= TRUE;
  927.         break;
  928.       }
  929.       *to++= '\'';
  930.       *to++= '\'';
  931.     }
  932.     else
  933.     {
  934.       if (to + 1 > to_end)
  935.       {
  936.         overflow= TRUE;
  937.         break;
  938.       }
  939.       *to++= *from;
  940.     }
  941.   }
  942.   *to= 0;
  943.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  944. }[/code]
  945. ./mysys/charset.c:618
  946. [code]/*
  947.   Escape string with backslashes (\)
  948.  
  949.   SYNOPSIS
  950.     escape_string_for_mysql()
  951.     charset_info        Charset of the strings
  952.     to                  Buffer for escaped string
  953.     to_length           Length of destination buffer, or 0
  954.     from                The string to escape
  955.     length              The length of the string to escape
  956.  
  957.   DESCRIPTION
  958.     This escapes the contents of a string by adding backslashes before special
  959.     characters, and turning others into specific escape sequences, such as
  960.     turning newlines into \n and null bytes into [code]ulong STDCALL
  961. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  962.              ulong length)
  963. {
  964.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  965.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  966.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  967. }[/code]
  968. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  969. ./mysys/charset.c:758
  970. [code]/*
  971.   Escape apostrophes by doubling them up
  972.  
  973.   SYNOPSIS
  974.     escape_quotes_for_mysql()
  975.     charset_info        Charset of the strings
  976.     to                  Buffer for escaped string
  977.     to_length           Length of destination buffer, or 0
  978.     from                The string to escape
  979.     length              The length of the string to escape
  980.  
  981.   DESCRIPTION
  982.     This escapes the contents of a string by doubling up any apostrophes that
  983.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  984.     effect on the server.
  985.  
  986.   NOTE
  987.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  988.     mean "big enough"
  989.  
  990.   RETURN VALUES
  991.     ~0          The escaped string did not fit in the to buffer
  992.     >=0         The length of the escaped string
  993. */
  994.  
  995. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  996.                               char *to, ulong to_length,
  997.                               const char *from, ulong length)
  998. {
  999.   const char *to_start= to;
  1000.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  1001.   my_bool overflow= FALSE;
  1002. #ifdef USE_MB
  1003.   my_bool use_mb_flag= use_mb(charset_info);
  1004. #endif
  1005.   for (end= from + length; from < end; from++)
  1006.   {
  1007. #ifdef USE_MB
  1008.     int tmp_length;
  1009.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  1010.     {
  1011.       if (to + tmp_length > to_end)
  1012.       {
  1013.         overflow= TRUE;
  1014.         break;
  1015.       }
  1016.       while (tmp_length--)
  1017.     *to++= *from++;
  1018.       from--;
  1019.       continue;
  1020.     }
  1021.     /*
  1022.       We don't have the same issue here with a non-multi-byte character being
  1023.       turned into a multi-byte character by the addition of an escaping
  1024.       character, because we are only escaping the ' character with itself.
  1025.      */
  1026. #endif
  1027.     if (*from == '\'')
  1028.     {
  1029.       if (to + 2 > to_end)
  1030.       {
  1031.         overflow= TRUE;
  1032.         break;
  1033.       }
  1034.       *to++= '\'';
  1035.       *to++= '\'';
  1036.     }
  1037.     else
  1038.     {
  1039.       if (to + 1 > to_end)
  1040.       {
  1041.         overflow= TRUE;
  1042.         break;
  1043.       }
  1044.       *to++= *from;
  1045.     }
  1046.   }
  1047.   *to= 0;
  1048.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  1049. }[/code]
  1050. ./mysys/charset.c:618
  1051. [code]/*
  1052.   Escape string with backslashes (\)
  1053.  
  1054.   SYNOPSIS
  1055.     escape_string_for_mysql()
  1056.     charset_info        Charset of the strings
  1057.     to                  Buffer for escaped string
  1058.     to_length           Length of destination buffer, or 0
  1059.     from                The string to escape
  1060.     length              The length of the string to escape
  1061.  
  1062.   DESCRIPTION
  1063.     This escapes the contents of a string by adding backslashes before special
  1064.     characters, and turning others into specific escape sequences, such as
  1065.     turning newlines into \n and null bytes into [code]ulong STDCALL
  1066. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  1067.              ulong length)
  1068. {
  1069.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  1070.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  1071.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  1072. }[/code]
  1073. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  1074. ./mysys/charset.c:758
  1075. [code]/*
  1076.   Escape apostrophes by doubling them up
  1077.  
  1078.   SYNOPSIS
  1079.     escape_quotes_for_mysql()
  1080.     charset_info        Charset of the strings
  1081.     to                  Buffer for escaped string
  1082.     to_length           Length of destination buffer, or 0
  1083.     from                The string to escape
  1084.     length              The length of the string to escape
  1085.  
  1086.   DESCRIPTION
  1087.     This escapes the contents of a string by doubling up any apostrophes that
  1088.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  1089.     effect on the server.
  1090.  
  1091.   NOTE
  1092.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  1093.     mean "big enough"
  1094.  
  1095.   RETURN VALUES
  1096.     ~0          The escaped string did not fit in the to buffer
  1097.     >=0         The length of the escaped string
  1098. */
  1099.  
  1100. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  1101.                               char *to, ulong to_length,
  1102.                               const char *from, ulong length)
  1103. {
  1104.   const char *to_start= to;
  1105.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  1106.   my_bool overflow= FALSE;
  1107. #ifdef USE_MB
  1108.   my_bool use_mb_flag= use_mb(charset_info);
  1109. #endif
  1110.   for (end= from + length; from < end; from++)
  1111.   {
  1112. #ifdef USE_MB
  1113.     int tmp_length;
  1114.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  1115.     {
  1116.       if (to + tmp_length > to_end)
  1117.       {
  1118.         overflow= TRUE;
  1119.         break;
  1120.       }
  1121.       while (tmp_length--)
  1122.     *to++= *from++;
  1123.       from--;
  1124.       continue;
  1125.     }
  1126.     /*
  1127.       We don't have the same issue here with a non-multi-byte character being
  1128.       turned into a multi-byte character by the addition of an escaping
  1129.       character, because we are only escaping the ' character with itself.
  1130.      */
  1131. #endif
  1132.     if (*from == '\'')
  1133.     {
  1134.       if (to + 2 > to_end)
  1135.       {
  1136.         overflow= TRUE;
  1137.         break;
  1138.       }
  1139.       *to++= '\'';
  1140.       *to++= '\'';
  1141.     }
  1142.     else
  1143.     {
  1144.       if (to + 1 > to_end)
  1145.       {
  1146.         overflow= TRUE;
  1147.         break;
  1148.       }
  1149.       *to++= *from;
  1150.     }
  1151.   }
  1152.   *to= 0;
  1153.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  1154. }[/code]
  1155. ./mysys/charset.c:618
  1156. [code]/*
  1157.   Escape string with backslashes (\)
  1158.  
  1159.   SYNOPSIS
  1160.     escape_string_for_mysql()
  1161.     charset_info        Charset of the strings
  1162.     to                  Buffer for escaped string
  1163.     to_length           Length of destination buffer, or 0
  1164.     from                The string to escape
  1165.     length              The length of the string to escape
  1166.  
  1167.   DESCRIPTION
  1168.     This escapes the contents of a string by adding backslashes before special
  1169.     characters, and turning others into specific escape sequences, such as
  1170.     turning newlines into \n and null bytes into [code]ulong STDCALL
  1171. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  1172.              ulong length)
  1173. {
  1174.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  1175.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  1176.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  1177. }[/code]
  1178. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  1179. ./mysys/charset.c:758
  1180. [code]/*
  1181.   Escape apostrophes by doubling them up
  1182.  
  1183.   SYNOPSIS
  1184.     escape_quotes_for_mysql()
  1185.     charset_info        Charset of the strings
  1186.     to                  Buffer for escaped string
  1187.     to_length           Length of destination buffer, or 0
  1188.     from                The string to escape
  1189.     length              The length of the string to escape
  1190.  
  1191.   DESCRIPTION
  1192.     This escapes the contents of a string by doubling up any apostrophes that
  1193.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  1194.     effect on the server.
  1195.  
  1196.   NOTE
  1197.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  1198.     mean "big enough"
  1199.  
  1200.   RETURN VALUES
  1201.     ~0          The escaped string did not fit in the to buffer
  1202.     >=0         The length of the escaped string
  1203. */
  1204.  
  1205. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  1206.                               char *to, ulong to_length,
  1207.                               const char *from, ulong length)
  1208. {
  1209.   const char *to_start= to;
  1210.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  1211.   my_bool overflow= FALSE;
  1212. #ifdef USE_MB
  1213.   my_bool use_mb_flag= use_mb(charset_info);
  1214. #endif
  1215.   for (end= from + length; from < end; from++)
  1216.   {
  1217. #ifdef USE_MB
  1218.     int tmp_length;
  1219.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  1220.     {
  1221.       if (to + tmp_length > to_end)
  1222.       {
  1223.         overflow= TRUE;
  1224.         break;
  1225.       }
  1226.       while (tmp_length--)
  1227.     *to++= *from++;
  1228.       from--;
  1229.       continue;
  1230.     }
  1231.     /*
  1232.       We don't have the same issue here with a non-multi-byte character being
  1233.       turned into a multi-byte character by the addition of an escaping
  1234.       character, because we are only escaping the ' character with itself.
  1235.      */
  1236. #endif
  1237.     if (*from == '\'')
  1238.     {
  1239.       if (to + 2 > to_end)
  1240.       {
  1241.         overflow= TRUE;
  1242.         break;
  1243.       }
  1244.       *to++= '\'';
  1245.       *to++= '\'';
  1246.     }
  1247.     else
  1248.     {
  1249.       if (to + 1 > to_end)
  1250.       {
  1251.         overflow= TRUE;
  1252.         break;
  1253.       }
  1254.       *to++= *from;
  1255.     }
  1256.   }
  1257.   *to= 0;
  1258.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  1259. }[/code]
  1260. ./mysys/charset.c:618
  1261. [code]/*
  1262.   Escape string with backslashes (\)
  1263.  
  1264.   SYNOPSIS
  1265.     escape_string_for_mysql()
  1266.     charset_info        Charset of the strings
  1267.     to                  Buffer for escaped string
  1268.     to_length           Length of destination buffer, or 0
  1269.     from                The string to escape
  1270.     length              The length of the string to escape
  1271.  
  1272.   DESCRIPTION
  1273.     This escapes the contents of a string by adding backslashes before special
  1274.     characters, and turning others into specific escape sequences, such as
  1275.     turning newlines into \n and null bytes into [code]ulong STDCALL
  1276. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  1277.              ulong length)
  1278. {
  1279.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  1280.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  1281.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  1282. }[/code]
  1283. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  1284. ./mysys/charset.c:758
  1285. [code]/*
  1286.   Escape apostrophes by doubling them up
  1287.  
  1288.   SYNOPSIS
  1289.     escape_quotes_for_mysql()
  1290.     charset_info        Charset of the strings
  1291.     to                  Buffer for escaped string
  1292.     to_length           Length of destination buffer, or 0
  1293.     from                The string to escape
  1294.     length              The length of the string to escape
  1295.  
  1296.   DESCRIPTION
  1297.     This escapes the contents of a string by doubling up any apostrophes that
  1298.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  1299.     effect on the server.
  1300.  
  1301.   NOTE
  1302.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  1303.     mean "big enough"
  1304.  
  1305.   RETURN VALUES
  1306.     ~0          The escaped string did not fit in the to buffer
  1307.     >=0         The length of the escaped string
  1308. */
  1309.  
  1310. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  1311.                               char *to, ulong to_length,
  1312.                               const char *from, ulong length)
  1313. {
  1314.   const char *to_start= to;
  1315.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  1316.   my_bool overflow= FALSE;
  1317. #ifdef USE_MB
  1318.   my_bool use_mb_flag= use_mb(charset_info);
  1319. #endif
  1320.   for (end= from + length; from < end; from++)
  1321.   {
  1322. #ifdef USE_MB
  1323.     int tmp_length;
  1324.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  1325.     {
  1326.       if (to + tmp_length > to_end)
  1327.       {
  1328.         overflow= TRUE;
  1329.         break;
  1330.       }
  1331.       while (tmp_length--)
  1332.     *to++= *from++;
  1333.       from--;
  1334.       continue;
  1335.     }
  1336.     /*
  1337.       We don't have the same issue here with a non-multi-byte character being
  1338.       turned into a multi-byte character by the addition of an escaping
  1339.       character, because we are only escaping the ' character with itself.
  1340.      */
  1341. #endif
  1342.     if (*from == '\'')
  1343.     {
  1344.       if (to + 2 > to_end)
  1345.       {
  1346.         overflow= TRUE;
  1347.         break;
  1348.       }
  1349.       *to++= '\'';
  1350.       *to++= '\'';
  1351.     }
  1352.     else
  1353.     {
  1354.       if (to + 1 > to_end)
  1355.       {
  1356.         overflow= TRUE;
  1357.         break;
  1358.       }
  1359.       *to++= *from;
  1360.     }
  1361.   }
  1362.   *to= 0;
  1363.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  1364. }[/code]
  1365. ./mysys/charset.c:618
  1366. [code]/*
  1367.   Escape string with backslashes (\)
  1368.  
  1369.   SYNOPSIS
  1370.     escape_string_for_mysql()
  1371.     charset_info        Charset of the strings
  1372.     to                  Buffer for escaped string
  1373.     to_length           Length of destination buffer, or 0
  1374.     from                The string to escape
  1375.     length              The length of the string to escape
  1376.  
  1377.   DESCRIPTION
  1378.     This escapes the contents of a string by adding backslashes before special
  1379.     characters, and turning others into specific escape sequences, such as
  1380.     turning newlines into \n and null bytes into [code]ulong STDCALL
  1381. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  1382.              ulong length)
  1383. {
  1384.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  1385.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  1386.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  1387. }[/code]
  1388. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  1389. ./mysys/charset.c:758
  1390. [code]/*
  1391.   Escape apostrophes by doubling them up
  1392.  
  1393.   SYNOPSIS
  1394.     escape_quotes_for_mysql()
  1395.     charset_info        Charset of the strings
  1396.     to                  Buffer for escaped string
  1397.     to_length           Length of destination buffer, or 0
  1398.     from                The string to escape
  1399.     length              The length of the string to escape
  1400.  
  1401.   DESCRIPTION
  1402.     This escapes the contents of a string by doubling up any apostrophes that
  1403.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  1404.     effect on the server.
  1405.  
  1406.   NOTE
  1407.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  1408.     mean "big enough"
  1409.  
  1410.   RETURN VALUES
  1411.     ~0          The escaped string did not fit in the to buffer
  1412.     >=0         The length of the escaped string
  1413. */
  1414.  
  1415. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  1416.                               char *to, ulong to_length,
  1417.                               const char *from, ulong length)
  1418. {
  1419.   const char *to_start= to;
  1420.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  1421.   my_bool overflow= FALSE;
  1422. #ifdef USE_MB
  1423.   my_bool use_mb_flag= use_mb(charset_info);
  1424. #endif
  1425.   for (end= from + length; from < end; from++)
  1426.   {
  1427. #ifdef USE_MB
  1428.     int tmp_length;
  1429.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  1430.     {
  1431.       if (to + tmp_length > to_end)
  1432.       {
  1433.         overflow= TRUE;
  1434.         break;
  1435.       }
  1436.       while (tmp_length--)
  1437.     *to++= *from++;
  1438.       from--;
  1439.       continue;
  1440.     }
  1441.     /*
  1442.       We don't have the same issue here with a non-multi-byte character being
  1443.       turned into a multi-byte character by the addition of an escaping
  1444.       character, because we are only escaping the ' character with itself.
  1445.      */
  1446. #endif
  1447.     if (*from == '\'')
  1448.     {
  1449.       if (to + 2 > to_end)
  1450.       {
  1451.         overflow= TRUE;
  1452.         break;
  1453.       }
  1454.       *to++= '\'';
  1455.       *to++= '\'';
  1456.     }
  1457.     else
  1458.     {
  1459.       if (to + 1 > to_end)
  1460.       {
  1461.         overflow= TRUE;
  1462.         break;
  1463.       }
  1464.       *to++= *from;
  1465.     }
  1466.   }
  1467.   *to= 0;
  1468.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  1469. }[/code]
  1470. ./mysys/charset.c:618
  1471. [code]/*
  1472.   Escape string with backslashes (\)
  1473.  
  1474.   SYNOPSIS
  1475.     escape_string_for_mysql()
  1476.     charset_info        Charset of the strings
  1477.     to                  Buffer for escaped string
  1478.     to_length           Length of destination buffer, or 0
  1479.     from                The string to escape
  1480.     length              The length of the string to escape
  1481.  
  1482.   DESCRIPTION
  1483.     This escapes the contents of a string by adding backslashes before special
  1484.     characters, and turning others into specific escape sequences, such as
  1485.     turning newlines into \n and null bytes into [code]ulong STDCALL
  1486. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  1487.              ulong length)
  1488. {
  1489.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  1490.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  1491.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  1492. }[/code]
  1493. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  1494. ./mysys/charset.c:758
  1495. [code]/*
  1496.   Escape apostrophes by doubling them up
  1497.  
  1498.   SYNOPSIS
  1499.     escape_quotes_for_mysql()
  1500.     charset_info        Charset of the strings
  1501.     to                  Buffer for escaped string
  1502.     to_length           Length of destination buffer, or 0
  1503.     from                The string to escape
  1504.     length              The length of the string to escape
  1505.  
  1506.   DESCRIPTION
  1507.     This escapes the contents of a string by doubling up any apostrophes that
  1508.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  1509.     effect on the server.
  1510.  
  1511.   NOTE
  1512.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  1513.     mean "big enough"
  1514.  
  1515.   RETURN VALUES
  1516.     ~0          The escaped string did not fit in the to buffer
  1517.     >=0         The length of the escaped string
  1518. */
  1519.  
  1520. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  1521.                               char *to, ulong to_length,
  1522.                               const char *from, ulong length)
  1523. {
  1524.   const char *to_start= to;
  1525.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  1526.   my_bool overflow= FALSE;
  1527. #ifdef USE_MB
  1528.   my_bool use_mb_flag= use_mb(charset_info);
  1529. #endif
  1530.   for (end= from + length; from < end; from++)
  1531.   {
  1532. #ifdef USE_MB
  1533.     int tmp_length;
  1534.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  1535.     {
  1536.       if (to + tmp_length > to_end)
  1537.       {
  1538.         overflow= TRUE;
  1539.         break;
  1540.       }
  1541.       while (tmp_length--)
  1542.     *to++= *from++;
  1543.       from--;
  1544.       continue;
  1545.     }
  1546.     /*
  1547.       We don't have the same issue here with a non-multi-byte character being
  1548.       turned into a multi-byte character by the addition of an escaping
  1549.       character, because we are only escaping the ' character with itself.
  1550.      */
  1551. #endif
  1552.     if (*from == '\'')
  1553.     {
  1554.       if (to + 2 > to_end)
  1555.       {
  1556.         overflow= TRUE;
  1557.         break;
  1558.       }
  1559.       *to++= '\'';
  1560.       *to++= '\'';
  1561.     }
  1562.     else
  1563.     {
  1564.       if (to + 1 > to_end)
  1565.       {
  1566.         overflow= TRUE;
  1567.         break;
  1568.       }
  1569.       *to++= *from;
  1570.     }
  1571.   }
  1572.   *to= 0;
  1573.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  1574. }[/code]
  1575. ./mysys/charset.c:618
  1576. [code]/*
  1577.   Escape string with backslashes (\)
  1578.  
  1579.   SYNOPSIS
  1580.     escape_string_for_mysql()
  1581.     charset_info        Charset of the strings
  1582.     to                  Buffer for escaped string
  1583.     to_length           Length of destination buffer, or 0
  1584.     from                The string to escape
  1585.     length              The length of the string to escape
  1586.  
  1587.   DESCRIPTION
  1588.     This escapes the contents of a string by adding backslashes before special
  1589.     characters, and turning others into specific escape sequences, such as
  1590.     turning newlines into \n and null bytes into [code]ulong STDCALL
  1591. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  1592.              ulong length)
  1593. {
  1594.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  1595.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  1596.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  1597. }[/code]
  1598. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  1599. ./mysys/charset.c:758
  1600. [code]/*
  1601.   Escape apostrophes by doubling them up
  1602.  
  1603.   SYNOPSIS
  1604.     escape_quotes_for_mysql()
  1605.     charset_info        Charset of the strings
  1606.     to                  Buffer for escaped string
  1607.     to_length           Length of destination buffer, or 0
  1608.     from                The string to escape
  1609.     length              The length of the string to escape
  1610.  
  1611.   DESCRIPTION
  1612.     This escapes the contents of a string by doubling up any apostrophes that
  1613.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  1614.     effect on the server.
  1615.  
  1616.   NOTE
  1617.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  1618.     mean "big enough"
  1619.  
  1620.   RETURN VALUES
  1621.     ~0          The escaped string did not fit in the to buffer
  1622.     >=0         The length of the escaped string
  1623. */
  1624.  
  1625. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  1626.                               char *to, ulong to_length,
  1627.                               const char *from, ulong length)
  1628. {
  1629.   const char *to_start= to;
  1630.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  1631.   my_bool overflow= FALSE;
  1632. #ifdef USE_MB
  1633.   my_bool use_mb_flag= use_mb(charset_info);
  1634. #endif
  1635.   for (end= from + length; from < end; from++)
  1636.   {
  1637. #ifdef USE_MB
  1638.     int tmp_length;
  1639.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  1640.     {
  1641.       if (to + tmp_length > to_end)
  1642.       {
  1643.         overflow= TRUE;
  1644.         break;
  1645.       }
  1646.       while (tmp_length--)
  1647.     *to++= *from++;
  1648.       from--;
  1649.       continue;
  1650.     }
  1651.     /*
  1652.       We don't have the same issue here with a non-multi-byte character being
  1653.       turned into a multi-byte character by the addition of an escaping
  1654.       character, because we are only escaping the ' character with itself.
  1655.      */
  1656. #endif
  1657.     if (*from == '\'')
  1658.     {
  1659.       if (to + 2 > to_end)
  1660.       {
  1661.         overflow= TRUE;
  1662.         break;
  1663.       }
  1664.       *to++= '\'';
  1665.       *to++= '\'';
  1666.     }
  1667.     else
  1668.     {
  1669.       if (to + 1 > to_end)
  1670.       {
  1671.         overflow= TRUE;
  1672.         break;
  1673.       }
  1674.       *to++= *from;
  1675.     }
  1676.   }
  1677.   *to= 0;
  1678.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  1679. }[/code]
  1680. ./mysys/charset.c:618
  1681. [code]/*
  1682.   Escape string with backslashes (\)
  1683.  
  1684.   SYNOPSIS
  1685.     escape_string_for_mysql()
  1686.     charset_info        Charset of the strings
  1687.     to                  Buffer for escaped string
  1688.     to_length           Length of destination buffer, or 0
  1689.     from                The string to escape
  1690.     length              The length of the string to escape
  1691.  
  1692.   DESCRIPTION
  1693.     This escapes the contents of a string by adding backslashes before special
  1694.     characters, and turning others into specific escape sequences, such as
  1695.     turning newlines into \n and null bytes into [code]ulong STDCALL
  1696. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  1697.              ulong length)
  1698. {
  1699.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  1700.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  1701.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  1702. }[/code]
  1703. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  1704. ./mysys/charset.c:758
  1705. [code]/*
  1706.   Escape apostrophes by doubling them up
  1707.  
  1708.   SYNOPSIS
  1709.     escape_quotes_for_mysql()
  1710.     charset_info        Charset of the strings
  1711.     to                  Buffer for escaped string
  1712.     to_length           Length of destination buffer, or 0
  1713.     from                The string to escape
  1714.     length              The length of the string to escape
  1715.  
  1716.   DESCRIPTION
  1717.     This escapes the contents of a string by doubling up any apostrophes that
  1718.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  1719.     effect on the server.
  1720.  
  1721.   NOTE
  1722.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  1723.     mean "big enough"
  1724.  
  1725.   RETURN VALUES
  1726.     ~0          The escaped string did not fit in the to buffer
  1727.     >=0         The length of the escaped string
  1728. */
  1729.  
  1730. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  1731.                               char *to, ulong to_length,
  1732.                               const char *from, ulong length)
  1733. {
  1734.   const char *to_start= to;
  1735.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  1736.   my_bool overflow= FALSE;
  1737. #ifdef USE_MB
  1738.   my_bool use_mb_flag= use_mb(charset_info);
  1739. #endif
  1740.   for (end= from + length; from < end; from++)
  1741.   {
  1742. #ifdef USE_MB
  1743.     int tmp_length;
  1744.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  1745.     {
  1746.       if (to + tmp_length > to_end)
  1747.       {
  1748.         overflow= TRUE;
  1749.         break;
  1750.       }
  1751.       while (tmp_length--)
  1752.     *to++= *from++;
  1753.       from--;
  1754.       continue;
  1755.     }
  1756.     /*
  1757.       We don't have the same issue here with a non-multi-byte character being
  1758.       turned into a multi-byte character by the addition of an escaping
  1759.       character, because we are only escaping the ' character with itself.
  1760.      */
  1761. #endif
  1762.     if (*from == '\'')
  1763.     {
  1764.       if (to + 2 > to_end)
  1765.       {
  1766.         overflow= TRUE;
  1767.         break;
  1768.       }
  1769.       *to++= '\'';
  1770.       *to++= '\'';
  1771.     }
  1772.     else
  1773.     {
  1774.       if (to + 1 > to_end)
  1775.       {
  1776.         overflow= TRUE;
  1777.         break;
  1778.       }
  1779.       *to++= *from;
  1780.     }
  1781.   }
  1782.   *to= 0;
  1783.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  1784. }[/code]
  1785. ./mysys/charset.c:618
  1786. [code]/*
  1787.   Escape string with backslashes (\)
  1788.  
  1789.   SYNOPSIS
  1790.     escape_string_for_mysql()
  1791.     charset_info        Charset of the strings
  1792.     to                  Buffer for escaped string
  1793.     to_length           Length of destination buffer, or 0
  1794.     from                The string to escape
  1795.     length              The length of the string to escape
  1796.  
  1797.   DESCRIPTION
  1798.     This escapes the contents of a string by adding backslashes before special
  1799.     characters, and turning others into specific escape sequences, such as
  1800.     turning newlines into \n and null bytes into [code]ulong STDCALL
  1801. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  1802.              ulong length)
  1803. {
  1804.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  1805.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  1806.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  1807. }[/code]
  1808. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  1809. ./mysys/charset.c:758
  1810. [code]/*
  1811.   Escape apostrophes by doubling them up
  1812.  
  1813.   SYNOPSIS
  1814.     escape_quotes_for_mysql()
  1815.     charset_info        Charset of the strings
  1816.     to                  Buffer for escaped string
  1817.     to_length           Length of destination buffer, or 0
  1818.     from                The string to escape
  1819.     length              The length of the string to escape
  1820.  
  1821.   DESCRIPTION
  1822.     This escapes the contents of a string by doubling up any apostrophes that
  1823.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  1824.     effect on the server.
  1825.  
  1826.   NOTE
  1827.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  1828.     mean "big enough"
  1829.  
  1830.   RETURN VALUES
  1831.     ~0          The escaped string did not fit in the to buffer
  1832.     >=0         The length of the escaped string
  1833. */
  1834.  
  1835. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  1836.                               char *to, ulong to_length,
  1837.                               const char *from, ulong length)
  1838. {
  1839.   const char *to_start= to;
  1840.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  1841.   my_bool overflow= FALSE;
  1842. #ifdef USE_MB
  1843.   my_bool use_mb_flag= use_mb(charset_info);
  1844. #endif
  1845.   for (end= from + length; from < end; from++)
  1846.   {
  1847. #ifdef USE_MB
  1848.     int tmp_length;
  1849.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  1850.     {
  1851.       if (to + tmp_length > to_end)
  1852.       {
  1853.         overflow= TRUE;
  1854.         break;
  1855.       }
  1856.       while (tmp_length--)
  1857.     *to++= *from++;
  1858.       from--;
  1859.       continue;
  1860.     }
  1861.     /*
  1862.       We don't have the same issue here with a non-multi-byte character being
  1863.       turned into a multi-byte character by the addition of an escaping
  1864.       character, because we are only escaping the ' character with itself.
  1865.      */
  1866. #endif
  1867.     if (*from == '\'')
  1868.     {
  1869.       if (to + 2 > to_end)
  1870.       {
  1871.         overflow= TRUE;
  1872.         break;
  1873.       }
  1874.       *to++= '\'';
  1875.       *to++= '\'';
  1876.     }
  1877.     else
  1878.     {
  1879.       if (to + 1 > to_end)
  1880.       {
  1881.         overflow= TRUE;
  1882.         break;
  1883.       }
  1884.       *to++= *from;
  1885.     }
  1886.   }
  1887.   *to= 0;
  1888.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  1889. }[/code]
  1890. ./mysys/charset.c:618
  1891. [code]/*
  1892.   Escape string with backslashes (\)
  1893.  
  1894.   SYNOPSIS
  1895.     escape_string_for_mysql()
  1896.     charset_info        Charset of the strings
  1897.     to                  Buffer for escaped string
  1898.     to_length           Length of destination buffer, or 0
  1899.     from                The string to escape
  1900.     length              The length of the string to escape
  1901.  
  1902.   DESCRIPTION
  1903.     This escapes the contents of a string by adding backslashes before special
  1904.     characters, and turning others into specific escape sequences, such as
  1905.     turning newlines into \n and null bytes into [code]ulong STDCALL
  1906. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  1907.              ulong length)
  1908. {
  1909.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  1910.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  1911.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  1912. }[/code]
  1913. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  1914. ./mysys/charset.c:758
  1915. [code]/*
  1916.   Escape apostrophes by doubling them up
  1917.  
  1918.   SYNOPSIS
  1919.     escape_quotes_for_mysql()
  1920.     charset_info        Charset of the strings
  1921.     to                  Buffer for escaped string
  1922.     to_length           Length of destination buffer, or 0
  1923.     from                The string to escape
  1924.     length              The length of the string to escape
  1925.  
  1926.   DESCRIPTION
  1927.     This escapes the contents of a string by doubling up any apostrophes that
  1928.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  1929.     effect on the server.
  1930.  
  1931.   NOTE
  1932.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  1933.     mean "big enough"
  1934.  
  1935.   RETURN VALUES
  1936.     ~0          The escaped string did not fit in the to buffer
  1937.     >=0         The length of the escaped string
  1938. */
  1939.  
  1940. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  1941.                               char *to, ulong to_length,
  1942.                               const char *from, ulong length)
  1943. {
  1944.   const char *to_start= to;
  1945.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  1946.   my_bool overflow= FALSE;
  1947. #ifdef USE_MB
  1948.   my_bool use_mb_flag= use_mb(charset_info);
  1949. #endif
  1950.   for (end= from + length; from < end; from++)
  1951.   {
  1952. #ifdef USE_MB
  1953.     int tmp_length;
  1954.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  1955.     {
  1956.       if (to + tmp_length > to_end)
  1957.       {
  1958.         overflow= TRUE;
  1959.         break;
  1960.       }
  1961.       while (tmp_length--)
  1962.     *to++= *from++;
  1963.       from--;
  1964.       continue;
  1965.     }
  1966.     /*
  1967.       We don't have the same issue here with a non-multi-byte character being
  1968.       turned into a multi-byte character by the addition of an escaping
  1969.       character, because we are only escaping the ' character with itself.
  1970.      */
  1971. #endif
  1972.     if (*from == '\'')
  1973.     {
  1974.       if (to + 2 > to_end)
  1975.       {
  1976.         overflow= TRUE;
  1977.         break;
  1978.       }
  1979.       *to++= '\'';
  1980.       *to++= '\'';
  1981.     }
  1982.     else
  1983.     {
  1984.       if (to + 1 > to_end)
  1985.       {
  1986.         overflow= TRUE;
  1987.         break;
  1988.       }
  1989.       *to++= *from;
  1990.     }
  1991.   }
  1992.   *to= 0;
  1993.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  1994. }[/code]
  1995. ./mysys/charset.c:618
  1996. [code]/*
  1997.   Escape string with backslashes (\)
  1998.  
  1999.   SYNOPSIS
  2000.     escape_string_for_mysql()
  2001.     charset_info        Charset of the strings
  2002.     to                  Buffer for escaped string
  2003.     to_length           Length of destination buffer, or 0
  2004.     from                The string to escape
  2005.     length              The length of the string to escape
  2006.  
  2007.   DESCRIPTION
  2008.     This escapes the contents of a string by adding backslashes before special
  2009.     characters, and turning others into specific escape sequences, such as
  2010.     turning newlines into \n and null bytes into [code]ulong STDCALL
  2011. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  2012.              ulong length)
  2013. {
  2014.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  2015.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  2016.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  2017. }[/code]
  2018. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  2019. ./mysys/charset.c:758
  2020. [code]/*
  2021.   Escape apostrophes by doubling them up
  2022.  
  2023.   SYNOPSIS
  2024.     escape_quotes_for_mysql()
  2025.     charset_info        Charset of the strings
  2026.     to                  Buffer for escaped string
  2027.     to_length           Length of destination buffer, or 0
  2028.     from                The string to escape
  2029.     length              The length of the string to escape
  2030.  
  2031.   DESCRIPTION
  2032.     This escapes the contents of a string by doubling up any apostrophes that
  2033.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  2034.     effect on the server.
  2035.  
  2036.   NOTE
  2037.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  2038.     mean "big enough"
  2039.  
  2040.   RETURN VALUES
  2041.     ~0          The escaped string did not fit in the to buffer
  2042.     >=0         The length of the escaped string
  2043. */
  2044.  
  2045. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  2046.                               char *to, ulong to_length,
  2047.                               const char *from, ulong length)
  2048. {
  2049.   const char *to_start= to;
  2050.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  2051.   my_bool overflow= FALSE;
  2052. #ifdef USE_MB
  2053.   my_bool use_mb_flag= use_mb(charset_info);
  2054. #endif
  2055.   for (end= from + length; from < end; from++)
  2056.   {
  2057. #ifdef USE_MB
  2058.     int tmp_length;
  2059.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  2060.     {
  2061.       if (to + tmp_length > to_end)
  2062.       {
  2063.         overflow= TRUE;
  2064.         break;
  2065.       }
  2066.       while (tmp_length--)
  2067.     *to++= *from++;
  2068.       from--;
  2069.       continue;
  2070.     }
  2071.     /*
  2072.       We don't have the same issue here with a non-multi-byte character being
  2073.       turned into a multi-byte character by the addition of an escaping
  2074.       character, because we are only escaping the ' character with itself.
  2075.      */
  2076. #endif
  2077.     if (*from == '\'')
  2078.     {
  2079.       if (to + 2 > to_end)
  2080.       {
  2081.         overflow= TRUE;
  2082.         break;
  2083.       }
  2084.       *to++= '\'';
  2085.       *to++= '\'';
  2086.     }
  2087.     else
  2088.     {
  2089.       if (to + 1 > to_end)
  2090.       {
  2091.         overflow= TRUE;
  2092.         break;
  2093.       }
  2094.       *to++= *from;
  2095.     }
  2096.   }
  2097.   *to= 0;
  2098.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  2099. }[/code]
  2100. ./mysys/charset.c:618
  2101. [code]/*
  2102.   Escape string with backslashes (\)
  2103.  
  2104.   SYNOPSIS
  2105.     escape_string_for_mysql()
  2106.     charset_info        Charset of the strings
  2107.     to                  Buffer for escaped string
  2108.     to_length           Length of destination buffer, or 0
  2109.     from                The string to escape
  2110.     length              The length of the string to escape
  2111.  
  2112.   DESCRIPTION
  2113.     This escapes the contents of a string by adding backslashes before special
  2114.     characters, and turning others into specific escape sequences, such as
  2115.     turning newlines into \n and null bytes into [code]ulong STDCALL
  2116. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  2117.              ulong length)
  2118. {
  2119.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  2120.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  2121.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  2122. }[/code]
  2123. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  2124. ./mysys/charset.c:758
  2125. [code]/*
  2126.   Escape apostrophes by doubling them up
  2127.  
  2128.   SYNOPSIS
  2129.     escape_quotes_for_mysql()
  2130.     charset_info        Charset of the strings
  2131.     to                  Buffer for escaped string
  2132.     to_length           Length of destination buffer, or 0
  2133.     from                The string to escape
  2134.     length              The length of the string to escape
  2135.  
  2136.   DESCRIPTION
  2137.     This escapes the contents of a string by doubling up any apostrophes that
  2138.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  2139.     effect on the server.
  2140.  
  2141.   NOTE
  2142.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  2143.     mean "big enough"
  2144.  
  2145.   RETURN VALUES
  2146.     ~0          The escaped string did not fit in the to buffer
  2147.     >=0         The length of the escaped string
  2148. */
  2149.  
  2150. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  2151.                               char *to, ulong to_length,
  2152.                               const char *from, ulong length)
  2153. {
  2154.   const char *to_start= to;
  2155.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  2156.   my_bool overflow= FALSE;
  2157. #ifdef USE_MB
  2158.   my_bool use_mb_flag= use_mb(charset_info);
  2159. #endif
  2160.   for (end= from + length; from < end; from++)
  2161.   {
  2162. #ifdef USE_MB
  2163.     int tmp_length;
  2164.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  2165.     {
  2166.       if (to + tmp_length > to_end)
  2167.       {
  2168.         overflow= TRUE;
  2169.         break;
  2170.       }
  2171.       while (tmp_length--)
  2172.     *to++= *from++;
  2173.       from--;
  2174.       continue;
  2175.     }
  2176.     /*
  2177.       We don't have the same issue here with a non-multi-byte character being
  2178.       turned into a multi-byte character by the addition of an escaping
  2179.       character, because we are only escaping the ' character with itself.
  2180.      */
  2181. #endif
  2182.     if (*from == '\'')
  2183.     {
  2184.       if (to + 2 > to_end)
  2185.       {
  2186.         overflow= TRUE;
  2187.         break;
  2188.       }
  2189.       *to++= '\'';
  2190.       *to++= '\'';
  2191.     }
  2192.     else
  2193.     {
  2194.       if (to + 1 > to_end)
  2195.       {
  2196.         overflow= TRUE;
  2197.         break;
  2198.       }
  2199.       *to++= *from;
  2200.     }
  2201.   }
  2202.   *to= 0;
  2203.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  2204. }[/code]
  2205. ./mysys/charset.c:618
  2206. [code]/*
  2207.   Escape string with backslashes (\)
  2208.  
  2209.   SYNOPSIS
  2210.     escape_string_for_mysql()
  2211.     charset_info        Charset of the strings
  2212.     to                  Buffer for escaped string
  2213.     to_length           Length of destination buffer, or 0
  2214.     from                The string to escape
  2215.     length              The length of the string to escape
  2216.  
  2217.   DESCRIPTION
  2218.     This escapes the contents of a string by adding backslashes before special
  2219.     characters, and turning others into specific escape sequences, such as
  2220.     turning newlines into \n and null bytes into [code]ulong STDCALL
  2221. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  2222.              ulong length)
  2223. {
  2224.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  2225.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  2226.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  2227. }[/code]
  2228. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  2229. ./mysys/charset.c:758
  2230. [code]/*
  2231.   Escape apostrophes by doubling them up
  2232.  
  2233.   SYNOPSIS
  2234.     escape_quotes_for_mysql()
  2235.     charset_info        Charset of the strings
  2236.     to                  Buffer for escaped string
  2237.     to_length           Length of destination buffer, or 0
  2238.     from                The string to escape
  2239.     length              The length of the string to escape
  2240.  
  2241.   DESCRIPTION
  2242.     This escapes the contents of a string by doubling up any apostrophes that
  2243.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  2244.     effect on the server.
  2245.  
  2246.   NOTE
  2247.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  2248.     mean "big enough"
  2249.  
  2250.   RETURN VALUES
  2251.     ~0          The escaped string did not fit in the to buffer
  2252.     >=0         The length of the escaped string
  2253. */
  2254.  
  2255. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  2256.                               char *to, ulong to_length,
  2257.                               const char *from, ulong length)
  2258. {
  2259.   const char *to_start= to;
  2260.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  2261.   my_bool overflow= FALSE;
  2262. #ifdef USE_MB
  2263.   my_bool use_mb_flag= use_mb(charset_info);
  2264. #endif
  2265.   for (end= from + length; from < end; from++)
  2266.   {
  2267. #ifdef USE_MB
  2268.     int tmp_length;
  2269.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  2270.     {
  2271.       if (to + tmp_length > to_end)
  2272.       {
  2273.         overflow= TRUE;
  2274.         break;
  2275.       }
  2276.       while (tmp_length--)
  2277.     *to++= *from++;
  2278.       from--;
  2279.       continue;
  2280.     }
  2281.     /*
  2282.       We don't have the same issue here with a non-multi-byte character being
  2283.       turned into a multi-byte character by the addition of an escaping
  2284.       character, because we are only escaping the ' character with itself.
  2285.      */
  2286. #endif
  2287.     if (*from == '\'')
  2288.     {
  2289.       if (to + 2 > to_end)
  2290.       {
  2291.         overflow= TRUE;
  2292.         break;
  2293.       }
  2294.       *to++= '\'';
  2295.       *to++= '\'';
  2296.     }
  2297.     else
  2298.     {
  2299.       if (to + 1 > to_end)
  2300.       {
  2301.         overflow= TRUE;
  2302.         break;
  2303.       }
  2304.       *to++= *from;
  2305.     }
  2306.   }
  2307.   *to= 0;
  2308.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  2309. }[/code]
  2310. ./mysys/charset.c:618
  2311. [code]/*
  2312.   Escape string with backslashes (\)
  2313.  
  2314.   SYNOPSIS
  2315.     escape_string_for_mysql()
  2316.     charset_info        Charset of the strings
  2317.     to                  Buffer for escaped string
  2318.     to_length           Length of destination buffer, or 0
  2319.     from                The string to escape
  2320.     length              The length of the string to escape
  2321.  
  2322.   DESCRIPTION
  2323.     This escapes the contents of a string by adding backslashes before special
  2324.     characters, and turning others into specific escape sequences, such as
  2325.     turning newlines into \n and null bytes into [code]ulong STDCALL
  2326. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  2327.              ulong length)
  2328. {
  2329.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  2330.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  2331.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  2332. }[/code]
  2333. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  2334. ./mysys/charset.c:758
  2335. [code]/*
  2336.   Escape apostrophes by doubling them up
  2337.  
  2338.   SYNOPSIS
  2339.     escape_quotes_for_mysql()
  2340.     charset_info        Charset of the strings
  2341.     to                  Buffer for escaped string
  2342.     to_length           Length of destination buffer, or 0
  2343.     from                The string to escape
  2344.     length              The length of the string to escape
  2345.  
  2346.   DESCRIPTION
  2347.     This escapes the contents of a string by doubling up any apostrophes that
  2348.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  2349.     effect on the server.
  2350.  
  2351.   NOTE
  2352.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  2353.     mean "big enough"
  2354.  
  2355.   RETURN VALUES
  2356.     ~0          The escaped string did not fit in the to buffer
  2357.     >=0         The length of the escaped string
  2358. */
  2359.  
  2360. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  2361.                               char *to, ulong to_length,
  2362.                               const char *from, ulong length)
  2363. {
  2364.   const char *to_start= to;
  2365.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  2366.   my_bool overflow= FALSE;
  2367. #ifdef USE_MB
  2368.   my_bool use_mb_flag= use_mb(charset_info);
  2369. #endif
  2370.   for (end= from + length; from < end; from++)
  2371.   {
  2372. #ifdef USE_MB
  2373.     int tmp_length;
  2374.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  2375.     {
  2376.       if (to + tmp_length > to_end)
  2377.       {
  2378.         overflow= TRUE;
  2379.         break;
  2380.       }
  2381.       while (tmp_length--)
  2382.     *to++= *from++;
  2383.       from--;
  2384.       continue;
  2385.     }
  2386.     /*
  2387.       We don't have the same issue here with a non-multi-byte character being
  2388.       turned into a multi-byte character by the addition of an escaping
  2389.       character, because we are only escaping the ' character with itself.
  2390.      */
  2391. #endif
  2392.     if (*from == '\'')
  2393.     {
  2394.       if (to + 2 > to_end)
  2395.       {
  2396.         overflow= TRUE;
  2397.         break;
  2398.       }
  2399.       *to++= '\'';
  2400.       *to++= '\'';
  2401.     }
  2402.     else
  2403.     {
  2404.       if (to + 1 > to_end)
  2405.       {
  2406.         overflow= TRUE;
  2407.         break;
  2408.       }
  2409.       *to++= *from;
  2410.     }
  2411.   }
  2412.   *to= 0;
  2413.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  2414. }[/code]
  2415. ./mysys/charset.c:618
  2416. [code]/*
  2417.   Escape string with backslashes (\)
  2418.  
  2419.   SYNOPSIS
  2420.     escape_string_for_mysql()
  2421.     charset_info        Charset of the strings
  2422.     to                  Buffer for escaped string
  2423.     to_length           Length of destination buffer, or 0
  2424.     from                The string to escape
  2425.     length              The length of the string to escape
  2426.  
  2427.   DESCRIPTION
  2428.     This escapes the contents of a string by adding backslashes before special
  2429.     characters, and turning others into specific escape sequences, such as
  2430.     turning newlines into \n and null bytes into [code]ulong STDCALL
  2431. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  2432.              ulong length)
  2433. {
  2434.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  2435.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  2436.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  2437. }[/code]
  2438. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  2439. ./mysys/charset.c:758
  2440. [code]/*
  2441.   Escape apostrophes by doubling them up
  2442.  
  2443.   SYNOPSIS
  2444.     escape_quotes_for_mysql()
  2445.     charset_info        Charset of the strings
  2446.     to                  Buffer for escaped string
  2447.     to_length           Length of destination buffer, or 0
  2448.     from                The string to escape
  2449.     length              The length of the string to escape
  2450.  
  2451.   DESCRIPTION
  2452.     This escapes the contents of a string by doubling up any apostrophes that
  2453.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  2454.     effect on the server.
  2455.  
  2456.   NOTE
  2457.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  2458.     mean "big enough"
  2459.  
  2460.   RETURN VALUES
  2461.     ~0          The escaped string did not fit in the to buffer
  2462.     >=0         The length of the escaped string
  2463. */
  2464.  
  2465. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  2466.                               char *to, ulong to_length,
  2467.                               const char *from, ulong length)
  2468. {
  2469.   const char *to_start= to;
  2470.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  2471.   my_bool overflow= FALSE;
  2472. #ifdef USE_MB
  2473.   my_bool use_mb_flag= use_mb(charset_info);
  2474. #endif
  2475.   for (end= from + length; from < end; from++)
  2476.   {
  2477. #ifdef USE_MB
  2478.     int tmp_length;
  2479.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  2480.     {
  2481.       if (to + tmp_length > to_end)
  2482.       {
  2483.         overflow= TRUE;
  2484.         break;
  2485.       }
  2486.       while (tmp_length--)
  2487.     *to++= *from++;
  2488.       from--;
  2489.       continue;
  2490.     }
  2491.     /*
  2492.       We don't have the same issue here with a non-multi-byte character being
  2493.       turned into a multi-byte character by the addition of an escaping
  2494.       character, because we are only escaping the ' character with itself.
  2495.      */
  2496. #endif
  2497.     if (*from == '\'')
  2498.     {
  2499.       if (to + 2 > to_end)
  2500.       {
  2501.         overflow= TRUE;
  2502.         break;
  2503.       }
  2504.       *to++= '\'';
  2505.       *to++= '\'';
  2506.     }
  2507.     else
  2508.     {
  2509.       if (to + 1 > to_end)
  2510.       {
  2511.         overflow= TRUE;
  2512.         break;
  2513.       }
  2514.       *to++= *from;
  2515.     }
  2516.   }
  2517.   *to= 0;
  2518.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  2519. }[/code]
  2520. ./mysys/charset.c:618
  2521. [code]/*
  2522.   Escape string with backslashes (\)
  2523.  
  2524.   SYNOPSIS
  2525.     escape_string_for_mysql()
  2526.     charset_info        Charset of the strings
  2527.     to                  Buffer for escaped string
  2528.     to_length           Length of destination buffer, or 0
  2529.     from                The string to escape
  2530.     length              The length of the string to escape
  2531.  
  2532.   DESCRIPTION
  2533.     This escapes the contents of a string by adding backslashes before special
  2534.     characters, and turning others into specific escape sequences, such as
  2535.     turning newlines into \n and null bytes into [code]ulong STDCALL
  2536. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  2537.              ulong length)
  2538. {
  2539.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  2540.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  2541.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  2542. }[/code]
  2543. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  2544. ./mysys/charset.c:758
  2545. [code]/*
  2546.   Escape apostrophes by doubling them up
  2547.  
  2548.   SYNOPSIS
  2549.     escape_quotes_for_mysql()
  2550.     charset_info        Charset of the strings
  2551.     to                  Buffer for escaped string
  2552.     to_length           Length of destination buffer, or 0
  2553.     from                The string to escape
  2554.     length              The length of the string to escape
  2555.  
  2556.   DESCRIPTION
  2557.     This escapes the contents of a string by doubling up any apostrophes that
  2558.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  2559.     effect on the server.
  2560.  
  2561.   NOTE
  2562.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  2563.     mean "big enough"
  2564.  
  2565.   RETURN VALUES
  2566.     ~0          The escaped string did not fit in the to buffer
  2567.     >=0         The length of the escaped string
  2568. */
  2569.  
  2570. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  2571.                               char *to, ulong to_length,
  2572.                               const char *from, ulong length)
  2573. {
  2574.   const char *to_start= to;
  2575.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  2576.   my_bool overflow= FALSE;
  2577. #ifdef USE_MB
  2578.   my_bool use_mb_flag= use_mb(charset_info);
  2579. #endif
  2580.   for (end= from + length; from < end; from++)
  2581.   {
  2582. #ifdef USE_MB
  2583.     int tmp_length;
  2584.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  2585.     {
  2586.       if (to + tmp_length > to_end)
  2587.       {
  2588.         overflow= TRUE;
  2589.         break;
  2590.       }
  2591.       while (tmp_length--)
  2592.     *to++= *from++;
  2593.       from--;
  2594.       continue;
  2595.     }
  2596.     /*
  2597.       We don't have the same issue here with a non-multi-byte character being
  2598.       turned into a multi-byte character by the addition of an escaping
  2599.       character, because we are only escaping the ' character with itself.
  2600.      */
  2601. #endif
  2602.     if (*from == '\'')
  2603.     {
  2604.       if (to + 2 > to_end)
  2605.       {
  2606.         overflow= TRUE;
  2607.         break;
  2608.       }
  2609.       *to++= '\'';
  2610.       *to++= '\'';
  2611.     }
  2612.     else
  2613.     {
  2614.       if (to + 1 > to_end)
  2615.       {
  2616.         overflow= TRUE;
  2617.         break;
  2618.       }
  2619.       *to++= *from;
  2620.     }
  2621.   }
  2622.   *to= 0;
  2623.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  2624. }[/code]
  2625. ./mysys/charset.c:618
  2626. [code]/*
  2627.   Escape string with backslashes (\)
  2628.  
  2629.   SYNOPSIS
  2630.     escape_string_for_mysql()
  2631.     charset_info        Charset of the strings
  2632.     to                  Buffer for escaped string
  2633.     to_length           Length of destination buffer, or 0
  2634.     from                The string to escape
  2635.     length              The length of the string to escape
  2636.  
  2637.   DESCRIPTION
  2638.     This escapes the contents of a string by adding backslashes before special
  2639.     characters, and turning others into specific escape sequences, such as
  2640.     turning newlines into \n and null bytes into [code]ulong STDCALL
  2641. mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  2642.              ulong length)
  2643. {
  2644.   if (mysql->server_status & SERVER_STATUS_NO_BACKSLASH_ESCAPES)
  2645.     return escape_quotes_for_mysql(mysql->charset, to, 0, from, length);
  2646.   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
  2647. }[/code]
  2648. Here's the two functions, a quick glance at these looks like they could be rewritten in PHP for the most part.
  2649. ./mysys/charset.c:758
  2650. [code]/*
  2651.   Escape apostrophes by doubling them up
  2652.  
  2653.   SYNOPSIS
  2654.     escape_quotes_for_mysql()
  2655.     charset_info        Charset of the strings
  2656.     to                  Buffer for escaped string
  2657.     to_length           Length of destination buffer, or 0
  2658.     from                The string to escape
  2659.     length              The length of the string to escape
  2660.  
  2661.   DESCRIPTION
  2662.     This escapes the contents of a string by doubling up any apostrophes that
  2663.     it contains. This is used when the NO_BACKSLASH_ESCAPES SQL_MODE is in
  2664.     effect on the server.
  2665.  
  2666.   NOTE
  2667.     To be consistent with escape_string_for_mysql(), to_length may be 0 to
  2668.     mean "big enough"
  2669.  
  2670.   RETURN VALUES
  2671.     ~0          The escaped string did not fit in the to buffer
  2672.     >=0         The length of the escaped string
  2673. */
  2674.  
  2675. ulong escape_quotes_for_mysql(CHARSET_INFO *charset_info,
  2676.                               char *to, ulong to_length,
  2677.                               const char *from, ulong length)
  2678. {
  2679.   const char *to_start= to;
  2680.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  2681.   my_bool overflow= FALSE;
  2682. #ifdef USE_MB
  2683.   my_bool use_mb_flag= use_mb(charset_info);
  2684. #endif
  2685.   for (end= from + length; from < end; from++)
  2686.   {
  2687. #ifdef USE_MB
  2688.     int tmp_length;
  2689.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  2690.     {
  2691.       if (to + tmp_length > to_end)
  2692.       {
  2693.         overflow= TRUE;
  2694.         break;
  2695.       }
  2696.       while (tmp_length--)
  2697.     *to++= *from++;
  2698.       from--;
  2699.       continue;
  2700.     }
  2701.     /*
  2702.       We don't have the same issue here with a non-multi-byte character being
  2703.       turned into a multi-byte character by the addition of an escaping
  2704.       character, because we are only escaping the ' character with itself.
  2705.      */
  2706. #endif
  2707.     if (*from == '\'')
  2708.     {
  2709.       if (to + 2 > to_end)
  2710.       {
  2711.         overflow= TRUE;
  2712.         break;
  2713.       }
  2714.       *to++= '\'';
  2715.       *to++= '\'';
  2716.     }
  2717.     else
  2718.     {
  2719.       if (to + 1 > to_end)
  2720.       {
  2721.         overflow= TRUE;
  2722.         break;
  2723.       }
  2724.       *to++= *from;
  2725.     }
  2726.   }
  2727.   *to= 0;
  2728.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  2729. }[/code]
  2730. ./mysys/charset.c:618
  2731. [code]
    1. /*
    2.   Escape string with backslashes (\)
    3.  
    4.   SYNOPSIS
    5.     escape_string_for_mysql()
    6.     charset_info        Charset of the strings
    7.     to                  Buffer for escaped string
    8.     to_length           Length of destination buffer, or 0
    9.     from                The string to escape
    10.     length              The length of the string to escape
    11.  
    12.   DESCRIPTION
    13.     This escapes the contents of a string by adding backslashes before special
    14.     characters, and turning others into specific escape sequences, such as
    15.     turning newlines into \n and null bytes into \0.
    16.  
    17.   NOTE
    18.     To maintain compatibility with the old C API, to_length may be 0 to mean
    19.     "big enough"
    20.  
    21.   RETURN VALUES
    22.     ~0          The escaped string did not fit in the to buffer
    23.     >=0         The length of the escaped string
    24. */
    25.  
    26. ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
    27.                               char *to, ulong to_length,
    28.                               const char *from, ulong length)
    29. {
    30.   const char *to_start= to;
    31.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
    32.   my_bool overflow= FALSE;
    33. #ifdef USE_MB
    34.   my_bool use_mb_flag= use_mb(charset_info);
    35. #endif
    36.   for (end= from + length; from < end; from++)
    37.   {
    38.     char escape= 0;
    39. #ifdef USE_MB
    40.     int tmp_length;
    41.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
    42.     {
    43.       if (to + tmp_length > to_end)
    44.       {
    45.         overflow= TRUE;
    46.         break;
    47.       }
    48.       while (tmp_length--)
    49.     *to++= *from++;
    50.       from--;
    51.       continue;
    52.     }
    53.     /*
    54.      If the next character appears to begin a multi-byte character, we
    55.      escape that first byte of that apparent multi-byte character. (The
    56.      character just looks like a multi-byte character -- if it were actually
    57.      a multi-byte character, it would have been passed through in the test
    58.      above.)
    59.  
    60.      Without this check, we can create a problem by converting an invalid
    61.      multi-byte character into a valid one. For example, 0xbf27 is not
    62.      a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
    63.     */
    64.     if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
    65.       escape= *from;
    66.     else
    67. #endif
    68.     switch (*from) {
    69.     case 0:             /* Must be escaped for 'mysql' */
    70.       escape= '0';
    71.       break;
    72.     case '\n':              /* Must be escaped for logs */
    73.       escape= 'n';
    74.       break;
    75.     case '\r':
    76.       escape= 'r';
    77.       break;
    78.     case '\\':
    79.       escape= '\\';
    80.       break;
    81.     case '\'':
    82.       escape= '\'';
    83.       break;
    84.     case '"':               /* Better safe than sorry */
    85.       escape= '"';
    86.       break;
    87.     case '\032':            /* This gives problems on Win32 */
    88.       escape= 'Z';
    89.       break;
    90.     }
    91.     if (escape)
    92.     {
    93.       if (to + 2 > to_end)
    94.       {
    95.         overflow= TRUE;
    96.         break;
    97.       }
    98.       *to++= '\\';
    99.       *to++= escape;
    100.     }
    101.     else
    102.     {
    103.       if (to + 1 > to_end)
    104.       {
    105.         overflow= TRUE;
    106.         break;
    107.       }
    108.       *to++= *from;
    109.     }
    110.   }
    111.   *to= 0;
    112.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
    113. }
    [/code].
  2732.  
  2733.   NOTE
  2734.     To maintain compatibility with the old C API, to_length may be 0 to mean
  2735.     "big enough"
  2736.  
  2737.   RETURN VALUES
  2738.     ~0          The escaped string did not fit in the to buffer
  2739.     >=0         The length of the escaped string
  2740. */
  2741.  
  2742. ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
  2743.                               char *to, ulong to_length,
  2744.                               const char *from, ulong length)
  2745. {
  2746.   const char *to_start= to;
  2747.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  2748.   my_bool overflow= FALSE;
  2749. #ifdef USE_MB
  2750.   my_bool use_mb_flag= use_mb(charset_info);
  2751. #endif
  2752.   for (end= from + length; from < end; from++)
  2753.   {
  2754.     char escape= 0;
  2755. #ifdef USE_MB
  2756.     int tmp_length;
  2757.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  2758.     {
  2759.       if (to + tmp_length > to_end)
  2760.       {
  2761.         overflow= TRUE;
  2762.         break;
  2763.       }
  2764.       while (tmp_length--)
  2765.     *to++= *from++;
  2766.       from--;
  2767.       continue;
  2768.     }
  2769.     /*
  2770.      If the next character appears to begin a multi-byte character, we
  2771.      escape that first byte of that apparent multi-byte character. (The
  2772.      character just looks like a multi-byte character -- if it were actually
  2773.      a multi-byte character, it would have been passed through in the test
  2774.      above.)
  2775.  
  2776.      Without this check, we can create a problem by converting an invalid
  2777.      multi-byte character into a valid one. For example, 0xbf27 is not
  2778.      a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
  2779.     */
  2780.     if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
  2781.       escape= *from;
  2782.     else
  2783. #endif
  2784.     switch (*from) {
  2785.     case 0:             /* Must be escaped for 'mysql' */
  2786.       escape= '0';
  2787.       break;
  2788.     case '\n':              /* Must be escaped for logs */
  2789.       escape= 'n';
  2790.       break;
  2791.     case '\r':
  2792.       escape= 'r';
  2793.       break;
  2794.     case '\':
  2795.       escape= '\';
  2796.       break;
  2797.     case '\'':
  2798.       escape= '\'';
  2799.       break;
  2800.     case '"':               /* Better safe than sorry */
  2801.       escape= '"';
  2802.       break;
  2803.     case '2':            /* This gives problems on Win32 */
  2804.       escape= 'Z';
  2805.       break;
  2806.     }
  2807.     if (escape)
  2808.     {
  2809.       if (to + 2 > to_end)
  2810.       {
  2811.         overflow= TRUE;
  2812.         break;
  2813.       }
  2814.       *to++= '\';
  2815.       *to++= escape;
  2816.     }
  2817.     else
  2818.     {
  2819.       if (to + 1 > to_end)
  2820.       {
  2821.         overflow= TRUE;
  2822.         break;
  2823.       }
  2824.       *to++= *from;
  2825.     }
  2826.   }
  2827.   *to= 0;
  2828.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  2829. }[/code].
  2830.  
  2831.   NOTE
  2832.     To maintain compatibility with the old C API, to_length may be 0 to mean
  2833.     "big enough"
  2834.  
  2835.   RETURN VALUES
  2836.     ~0          The escaped string did not fit in the to buffer
  2837.     >=0         The length of the escaped string
  2838. */
  2839.  
  2840. ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
  2841.                               char *to, ulong to_length,
  2842.                               const char *from, ulong length)
  2843. {
  2844.   const char *to_start= to;
  2845.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  2846.   my_bool overflow= FALSE;
  2847. #ifdef USE_MB
  2848.   my_bool use_mb_flag= use_mb(charset_info);
  2849. #endif
  2850.   for (end= from + length; from < end; from++)
  2851.   {
  2852.     char escape= 0;
  2853. #ifdef USE_MB
  2854.     int tmp_length;
  2855.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  2856.     {
  2857.       if (to + tmp_length > to_end)
  2858.       {
  2859.         overflow= TRUE;
  2860.         break;
  2861.       }
  2862.       while (tmp_length--)
  2863.     *to++= *from++;
  2864.       from--;
  2865.       continue;
  2866.     }
  2867.     /*
  2868.      If the next character appears to begin a multi-byte character, we
  2869.      escape that first byte of that apparent multi-byte character. (The
  2870.      character just looks like a multi-byte character -- if it were actually
  2871.      a multi-byte character, it would have been passed through in the test
  2872.      above.)
  2873.  
  2874.      Without this check, we can create a problem by converting an invalid
  2875.      multi-byte character into a valid one. For example, 0xbf27 is not
  2876.      a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
  2877.     */
  2878.     if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
  2879.       escape= *from;
  2880.     else
  2881. #endif
  2882.     switch (*from) {
  2883.     case 0:             /* Must be escaped for 'mysql' */
  2884.       escape= '0';
  2885.       break;
  2886.     case '\n':              /* Must be escaped for logs */
  2887.       escape= 'n';
  2888.       break;
  2889.     case '\r':
  2890.       escape= 'r';
  2891.       break;
  2892.     case '\':
  2893.       escape= '\';
  2894.       break;
  2895.     case '\'':
  2896.       escape= '\'';
  2897.       break;
  2898.     case '"':               /* Better safe than sorry */
  2899.       escape= '"';
  2900.       break;
  2901.     case '2':            /* This gives problems on Win32 */
  2902.       escape= 'Z';
  2903.       break;
  2904.     }
  2905.     if (escape)
  2906.     {
  2907.       if (to + 2 > to_end)
  2908.       {
  2909.         overflow= TRUE;
  2910.         break;
  2911.       }
  2912.       *to++= '\';
  2913.       *to++= escape;
  2914.     }
  2915.     else
  2916.     {
  2917.       if (to + 1 > to_end)
  2918.       {
  2919.         overflow= TRUE;
  2920.         break;
  2921.       }
  2922.       *to++= *from;
  2923.     }
  2924.   }
  2925.   *to= 0;
  2926.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  2927. }[/code].
  2928.  
  2929.   NOTE
  2930.     To maintain compatibility with the old C API, to_length may be 0 to mean
  2931.     "big enough"
  2932.  
  2933.   RETURN VALUES
  2934.     ~0          The escaped string did not fit in the to buffer
  2935.     >=0         The length of the escaped string
  2936. */
  2937.  
  2938. ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
  2939.                               char *to, ulong to_length,
  2940.                               const char *from, ulong length)
  2941. {
  2942.   const char *to_start= to;
  2943.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  2944.   my_bool overflow= FALSE;
  2945. #ifdef USE_MB
  2946.   my_bool use_mb_flag= use_mb(charset_info);
  2947. #endif
  2948.   for (end= from + length; from < end; from++)
  2949.   {
  2950.     char escape= 0;
  2951. #ifdef USE_MB
  2952.     int tmp_length;
  2953.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  2954.     {
  2955.       if (to + tmp_length > to_end)
  2956.       {
  2957.         overflow= TRUE;
  2958.         break;
  2959.       }
  2960.       while (tmp_length--)
  2961.     *to++= *from++;
  2962.       from--;
  2963.       continue;
  2964.     }
  2965.     /*
  2966.      If the next character appears to begin a multi-byte character, we
  2967.      escape that first byte of that apparent multi-byte character. (The
  2968.      character just looks like a multi-byte character -- if it were actually
  2969.      a multi-byte character, it would have been passed through in the test
  2970.      above.)
  2971.  
  2972.      Without this check, we can create a problem by converting an invalid
  2973.      multi-byte character into a valid one. For example, 0xbf27 is not
  2974.      a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
  2975.     */
  2976.     if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
  2977.       escape= *from;
  2978.     else
  2979. #endif
  2980.     switch (*from) {
  2981.     case 0:             /* Must be escaped for 'mysql' */
  2982.       escape= '0';
  2983.       break;
  2984.     case '\n':              /* Must be escaped for logs */
  2985.       escape= 'n';
  2986.       break;
  2987.     case '\r':
  2988.       escape= 'r';
  2989.       break;
  2990.     case '\':
  2991.       escape= '\';
  2992.       break;
  2993.     case '\'':
  2994.       escape= '\'';
  2995.       break;
  2996.     case '"':               /* Better safe than sorry */
  2997.       escape= '"';
  2998.       break;
  2999.     case '2':            /* This gives problems on Win32 */
  3000.       escape= 'Z';
  3001.       break;
  3002.     }
  3003.     if (escape)
  3004.     {
  3005.       if (to + 2 > to_end)
  3006.       {
  3007.         overflow= TRUE;
  3008.         break;
  3009.       }
  3010.       *to++= '\';
  3011.       *to++= escape;
  3012.     }
  3013.     else
  3014.     {
  3015.       if (to + 1 > to_end)
  3016.       {
  3017.         overflow= TRUE;
  3018.         break;
  3019.       }
  3020.       *to++= *from;
  3021.     }
  3022.   }
  3023.   *to= 0;
  3024.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  3025. }[/code].
  3026.  
  3027.   NOTE
  3028.     To maintain compatibility with the old C API, to_length may be 0 to mean
  3029.     "big enough"
  3030.  
  3031.   RETURN VALUES
  3032.     ~0          The escaped string did not fit in the to buffer
  3033.     >=0         The length of the escaped string
  3034. */
  3035.  
  3036. ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
  3037.                               char *to, ulong to_length,
  3038.                               const char *from, ulong length)
  3039. {
  3040.   const char *to_start= to;
  3041.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  3042.   my_bool overflow= FALSE;
  3043. #ifdef USE_MB
  3044.   my_bool use_mb_flag= use_mb(charset_info);
  3045. #endif
  3046.   for (end= from + length; from < end; from++)
  3047.   {
  3048.     char escape= 0;
  3049. #ifdef USE_MB
  3050.     int tmp_length;
  3051.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  3052.     {
  3053.       if (to + tmp_length > to_end)
  3054.       {
  3055.         overflow= TRUE;
  3056.         break;
  3057.       }
  3058.       while (tmp_length--)
  3059.     *to++= *from++;
  3060.       from--;
  3061.       continue;
  3062.     }
  3063.     /*
  3064.      If the next character appears to begin a multi-byte character, we
  3065.      escape that first byte of that apparent multi-byte character. (The
  3066.      character just looks like a multi-byte character -- if it were actually
  3067.      a multi-byte character, it would have been passed through in the test
  3068.      above.)
  3069.  
  3070.      Without this check, we can create a problem by converting an invalid
  3071.      multi-byte character into a valid one. For example, 0xbf27 is not
  3072.      a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
  3073.     */
  3074.     if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
  3075.       escape= *from;
  3076.     else
  3077. #endif
  3078.     switch (*from) {
  3079.     case 0:             /* Must be escaped for 'mysql' */
  3080.       escape= '0';
  3081.       break;
  3082.     case '\n':              /* Must be escaped for logs */
  3083.       escape= 'n';
  3084.       break;
  3085.     case '\r':
  3086.       escape= 'r';
  3087.       break;
  3088.     case '\':
  3089.       escape= '\';
  3090.       break;
  3091.     case '\'':
  3092.       escape= '\'';
  3093.       break;
  3094.     case '"':               /* Better safe than sorry */
  3095.       escape= '"';
  3096.       break;
  3097.     case '2':            /* This gives problems on Win32 */
  3098.       escape= 'Z';
  3099.       break;
  3100.     }
  3101.     if (escape)
  3102.     {
  3103.       if (to + 2 > to_end)
  3104.       {
  3105.         overflow= TRUE;
  3106.         break;
  3107.       }
  3108.       *to++= '\';
  3109.       *to++= escape;
  3110.     }
  3111.     else
  3112.     {
  3113.       if (to + 1 > to_end)
  3114.       {
  3115.         overflow= TRUE;
  3116.         break;
  3117.       }
  3118.       *to++= *from;
  3119.     }
  3120.   }
  3121.   *to= 0;
  3122.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  3123. }[/code].
  3124.  
  3125.   NOTE
  3126.     To maintain compatibility with the old C API, to_length may be 0 to mean
  3127.     "big enough"
  3128.  
  3129.   RETURN VALUES
  3130.     ~0          The escaped string did not fit in the to buffer
  3131.     >=0         The length of the escaped string
  3132. */
  3133.  
  3134. ulong escape_string_for_mysql(CHARSET_INFO *charset_info,
  3135.                               char *to, ulong to_length,
  3136.                               const char *from, ulong length)
  3137. {
  3138.   const char *to_start= to;
  3139.   const char *end, *to_end=to_start + (to_length ? to_length-1 : 2*length);
  3140.   my_bool overflow= FALSE;
  3141. #ifdef USE_MB
  3142.   my_bool use_mb_flag= use_mb(charset_info);
  3143. #endif
  3144.   for (end= from + length; from < end; from++)
  3145.   {
  3146.     char escape= 0;
  3147. #ifdef USE_MB
  3148.     int tmp_length;
  3149.     if (use_mb_flag && (tmp_length= my_ismbchar(charset_info, from, end)))
  3150.     {
  3151.       if (to + tmp_length > to_end)
  3152.       {
  3153.         overflow= TRUE;
  3154.         break;
  3155.       }
  3156.       while (tmp_length--)
  3157.     *to++= *from++;
  3158.       from--;
  3159.       continue;
  3160.     }
  3161.     /*
  3162.      If the next character appears to begin a multi-byte character, we
  3163.      escape that first byte of that apparent multi-byte character. (The
  3164.      character just looks like a multi-byte character -- if it were actually
  3165.      a multi-byte character, it would have been passed through in the test
  3166.      above.)
  3167.  
  3168.      Without this check, we can create a problem by converting an invalid
  3169.      multi-byte character into a valid one. For example, 0xbf27 is not
  3170.      a valid GBK character, but 0xbf5c is. (0x27 = ', 0x5c = \)
  3171.     */
  3172.     if (use_mb_flag && (tmp_length= my_mbcharlen(charset_info, *from)) > 1)
  3173.       escape= *from;
  3174.     else
  3175. #endif
  3176.     switch (*from) {
  3177.     case 0:             /* Must be escaped for 'mysql' */
  3178.       escape= '0';
  3179.       break;
  3180.     case '\n':              /* Must be escaped for logs */
  3181.       escape= 'n';
  3182.       break;
  3183.     case '\r':
  3184.       escape= 'r';
  3185.       break;
  3186.     case '\':
  3187.       escape= '\';
  3188.       break;
  3189.     case '\'':
  3190.       escape= '\'';
  3191.       break;
  3192.     case '"':               /* Better safe than sorry */
  3193.       escape= '"';
  3194.       break;
  3195.     case '2':            /* This gives problems on Win32 */
  3196.       escape= 'Z';
  3197.       break;
  3198.     }
  3199.     if (escape)
  3200.     {
  3201.       if (to + 2 > to_end)
  3202.       {
  3203.         overflow= TRUE;
  3204.         break;
  3205.       }
  3206.       *to++= '\';
  3207.       *to++= escape;
  3208.     }
  3209.     else
  3210.     {
  3211.       if (to + 1 > to_end)
  3212.       {
  3213.         overflow= TRUE;
  3214.         break;
  3215.       }
  3216.       *to++= *from;
  3217.     }
  3218.   }
  3219.   *to= 0;
  3220.   return overflow ? (ulong)~0 : (ulong) (to - to_start);
  3221. }
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

I would agree, but in essence thats basically what its doing.
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

I think it was Nas who said, "It's never what you do, but how it's done". :D
  • dark_lord
  • Graduate
  • Graduate
  • User avatar
  • Posts: 162
  • Loc: India-Kolkata

Post 3+ Months Ago

SpooF wrote:
Any particular reason they are still using PHP 2.2?


i don't know either. It's a NON-IT company and I'm just working on contract basis.

I told them to upgrade but no use.

And Thanks I'll take care of what you guys told, specially about how it is done part! :D

Post Information

  • Total Posts in this topic: 11 posts
  • Users browsing this forum: No registered users and 85 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.