Bug #46913 Automaticly add back slash when using mysql_real_escape_string() function
Submitted: 25 Aug 2009 8:33 Modified: 28 Aug 2009 9:47
Reporter: Zidong Mo Email Updates:
Status: Not a Bug Impact on me:
Category:MySQL Server: C API (client library) Severity:S2 (Serious)
Version:latest OS:Linux (fedora 8)
Assigned to: CPU Architecture:Any
Tags: mysql_real_escape_string

[25 Aug 2009 8:33] Zidong Mo
When I tried to use mysql_real_escape_string() function to change the char array into utf8 formatting, for every time if there's a "'" code, it will automaticlly add a back slash before ', but the char string will not consider \' as ' but consider them as two characters, \ and ', so, the executed SQL always failed.
maybe it caused by the encoding of the cpp file, I just used UTF8 formatting.
I used Code::Blocks as the IDE

How to repeat:
1> declare a char* string
  char a[400];
  char b[400];
  mysql_query("use names 'utf8'");
  a = "select * from test.list where usr_id = '(some UTF8 string)'";
2> just check a you can find that it becomes
  "select * from test.list where usr_id = \'(some UTF8 string)\'"
  \' were 2 chars not one.  

Suggested fix:
there should be something wrong in mysql_real_escape_string() function or there're some conflicts between this function and file encoding way
[25 Aug 2009 9:23] Sveta Smirnova
Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://dev.mysql.com/doc/ and the instructions on
how to report a bug at http://bugs.mysql.com/how-to-report.php

mysql_real_escape_string is to escape strings which you try to insert, not queries itself. I agree example at http://dev.mysql.com/doc/refman/5.1/en/mysql-real-escape-string.html is abit complicated, but you can use example for PHP at http://dev.mysql.com/doc/refman/5.1/en/apis-php-ref.mysql.html#apis-php-function.mysql-rea... This functions works in same fashion here.
[28 Aug 2009 9:47] Zidong Mo
ok, understood, in that way, all are happy:)