SQL Escaping in MySQL
Posted: Tue Apr 17, 2007 2:16 pm
Add the following lines to your mysql.lsp library, depending on the version of the mysql client lib you have (MySQL4 or MySQL5). These will escape newlines, single and double ticks, etc, to prevent sql injection.

Code:
(import libmysqlclient "mysql_escape_string") ; MySQL4
(import libmysqlclient "mysql_real_escape_string") ; MySQL5
Code (MySQL4):
(define (escape value , safe-value escaped-len)
  "Escapes input value using mysql_escape_string."
  ; mysql_escape_string may write up to 2*len+1 bytes (every byte doubled, plus the
  ; terminating NUL), so a buffer of len+1 can be overrun; allocate the documented worst case
  (set 'safe-value (dup " " (+ 1 (* 2 (length value)))))
  ; the C call returns the number of bytes it wrote, excluding the NUL
  (set 'escaped-len (MySQL:mysql_escape_string safe-value value (length value)))
  ; return only the escaped bytes, not the unused padding after them
  (slice safe-value 0 escaped-len))
Code (MySQL5):
(define (escape value , safe-value escaped-len)
  "Escapes input value using mysql_real_escape_string."
  ; same sizing rule as mysql_escape_string: worst case is 2*len+1 bytes
  (set 'safe-value (dup " " (+ 1 (* 2 (length value)))))
  ; mysql_real_escape_string also takes the connection handle so it can honour
  ; the connection character set; it returns the number of bytes written
  (set 'escaped-len (MySQL:mysql_real_escape_string MySQL:MYSQL safe-value value (length value)))
  (slice safe-value 0 escaped-len))
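The escaping the post relies on is easier to reason about with a reference model in hand. The following Python is an added example, not code from the post or from newLISP's mysql.lsp: it reproduces the byte-level rules MySQL documents for mysql_escape_string() (NUL, newline, carriage return, backslash, both quote characters and Control-Z each become a two-byte backslash sequence, everything else is copied), and uses that model to show why the output buffer handed to the C function must hold 2*len+1 bytes rather than len+1. The sample values are constructed. The model deliberately ignores the connection character set, which is the gap mysql_real_escape_string() exists to close.

```python
# Added example (not from the original post): a byte-level reference model of the
# rules MySQL documents for mysql_escape_string(), used to show the 2*len+1 buffer rule.
# It does not consult a connection character set, unlike mysql_real_escape_string().

# The seven byte values the C API rewrites; all other bytes are copied unchanged.
_ESCAPES = {
    0x00: b"\\0",   # NUL
    0x0A: b"\\n",   # newline
    0x0D: b"\\r",   # carriage return
    0x5C: b"\\\\",  # backslash
    0x27: b"\\'",   # single quote
    0x22: b'\\"',   # double quote
    0x1A: b"\\Z",   # Control-Z
}


def mysql_escape(value: bytes) -> bytes:
    """Return the escaped form of value, following the documented rules."""
    return b"".join(_ESCAPES.get(b, bytes([b])) for b in value)


def required_buffer_size(value: bytes) -> int:
    """Worst case every byte doubles, plus one byte for the C NUL terminator."""
    return 2 * len(value) + 1


def fits_in_buffer(value: bytes, buffer_size: int) -> bool:
    """Would the escaped output plus its NUL terminator fit in a buffer of this size?"""
    return len(mysql_escape(value)) + 1 <= buffer_size


def build_query(name: bytes) -> bytes:
    """Embed an escaped value inside a single-quoted literal, the only context the
    escaping is valid for (it does not protect an unquoted or numeric position)."""
    return b"SELECT id FROM users WHERE name = '" + mysql_escape(name) + b"'"


if __name__ == "__main__":
    # Constructed sample: a value made entirely of quotes doubles in size.
    sample = b"''''"
    print(mysql_escape(sample))
    print(required_buffer_size(sample))                          # 9
    print(fits_in_buffer(sample, len(sample) + 1))               # False: len+1 is too small
    print(fits_in_buffer(sample, required_buffer_size(sample)))  # True
    print(build_query(b"O'Brien"))
```

The `fits_in_buffer` check on the all-quotes sample is the failure mode the sizing rule guards against: a four-byte input escapes to eight bytes, so a five-byte buffer is overrun by four bytes plus the terminator. Note also that `build_query` only places the result inside a quoted string literal; escaping does nothing for values spliced into identifiers, `LIMIT` clauses or other unquoted positions, where a parameterized statement is the only reliable defence.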