Bug #12630 mysql_real_escape_string bad result
Submitted: 17 Aug 2005 20:24
Modified: 24 Aug 2005 9:23
Reporter: Anker Berg-Sonne
Status: Can't repeat
Category: MySQL++
Severity: S2 (Serious)
Version: 5.0.4
OS: Windows (Windows Server 2000 SP1)
Assigned to:
CPU Architecture: Any

[17 Aug 2005 20:24] Anker Berg-Sonne
Description:
If a string containing just a single quote is passed to mysql_real_escape_string it returns -1 and not the length of a properly escaped version of the string.

How to repeat:
Just call mysql_real_escape_string with "'" and look at the result.

Suggested fix:
Have it return the correct value
[19 Aug 2005 13:34] MySQL Verification Team
I assume you mean the C API and not MySQL++ as reported.
Could you please provide a code sample?

Thank you in advance.
[19 Aug 2005 13:58] Anker Berg-Sonne
Yes, it is the C API, but that wasn't a choice on the bug reporting site. C++ was the closest match. :-)

Oops! I just realized that it is the version of the client library file that you need, not the server that I am connected to. I looked it up and I am linking against the 5.0.4 libraries. I'll correct the version.

printf("%d",mysql_real_escape_string(Conn,ResultString,"'",1));

Returns -1

It should have returned a positive value.
[24 Aug 2005 9:23] Georg Richter
Can't repeat (tested with libmysql 5.0.12)

  printf("client library version: %d\n", mysql_get_client_version());

  mysql_query(mysql, "SET sql_mode=''");
  rc= mysql_real_escape_string(mysql, (char *)&to, from, strlen(from));
  printf("rc=%d From=%s To=%s\n", rc, from, to);

  mysql_query(mysql, "SET sql_mode='NO_BACKSLASH_ESCAPES'");
  rc= mysql_real_escape_string(mysql, (char *)&to, from, strlen(from));
  printf("rc=%d From=%s To=%s\n", rc, from, to);

Output:

client library version: 50012
rc=2 From=' To=\'
rc=2 From=' To=''
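
The two escaping modes exercised in the last comment, as an added example that is not part of the original thread and is not libmysql's code: `model_escape` is a hypothetical, simplified stand-in for the documented escaping rules, so it runs without a server. It returns `(unsigned long)-1` when the output buffer is too small, mirroring the API's documented -1 error return; multi-byte character sets are not modelled.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper modelling the two escaping modes; NOT libmysql code.
 * Returns the escaped length (excluding the NUL), or (unsigned long)-1 if
 * `to` (capacity to_size bytes) cannot hold the result plus the NUL. */
unsigned long model_escape(char *to, size_t to_size, const char *from,
                           size_t len, int no_backslash_escapes)
{
    size_t out = 0;
    if (to_size == 0) return (unsigned long)-1;
    for (size_t i = 0; i < len; i++) {
        char c = from[i], esc = 0;
        if (no_backslash_escapes) {
            if (c == '\'') esc = '\'';          /* ' becomes '' */
        } else {
            switch (c) {
            case '\0':   esc = '0'; break;
            case '\n':   esc = 'n'; break;
            case '\r':   esc = 'r'; break;
            case '\032': esc = 'Z'; break;      /* Ctrl-Z */
            case '\\': case '\'': case '"': esc = c; break;
            }
        }
        size_t need = esc ? 2 : 1;
        if (out + need + 1 > to_size)           /* keep room for the NUL */
            return (unsigned long)-1;
        if (esc) {
            to[out++] = no_backslash_escapes ? '\'' : '\\';
            to[out++] = esc;
        } else {
            to[out++] = c;
        }
    }
    to[out] = '\0';
    return (unsigned long)out;
}

int main(void)
{
    const char *from = "'";                     /* constructed input */
    char to[2 * 1 + 1];                         /* documented worst case: 2*length+1 */
    for (int mode = 0; mode <= 1; mode++) {
        unsigned long rc = model_escape(to, sizeof to, from, strlen(from), mode);
        printf("rc=%lu From=%s To=%s\n", rc, from, to);
    }
    return 0;
}
```

The return type is unsigned, so the result is printed with `%lu` and an error is detected by comparing against `(unsigned long)-1`.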