相当于 php 的 mysql_real_escape_string

发布于 2024-12-21 13:58:48 字数 273 浏览 1 评论 0原文

我需要一些动态 SQL 将大量值插入数据库。

INSERT INTO table1 (a,b,c,d) VALUES (1,2,3,'string with possible quotes'),....

因为我想每批插入大约 1,000 行，所以参数实际上并不是一个选项。
在 php 中，我使用 mysql_lib 和 mysql_real_escape_string 来防止错误和 SQL 注入。

如何转义 Delphi 中的字符串值？

原文

I have a need for some dynamic SQL to INSERT a large number of values into a database.

INSERT INTO table1 (a,b,c,d) VALUES (1,2,3,'string with possible quotes'),....

Because I want to insert about a 1,000 rows per batch, parameters are not really an option.
In php I'd use the mysql_ lib and mysql_real_escape_string to prevent errors and SQL-injections.

How do I escape the string values in Delphi?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

撧情箌佬 2024-12-28 13:58:48

不久前，我按照有关 mysql_real_escape_string 函数。

from 中的字符串被编码为转义的 SQL 字符串，考虑到
考虑连接的当前字符集。结果是
放置在 to 中并附加终止空字节。人物
编码为“\”、“'”、“””、NUL (ASCII 0)、“\n”、“\r”和 Control+Z。
严格来说，MySQL 只需要反斜杠和引号
用于引用查询中的字符串的字符被转义。
mysql_real_escape_string() 引用其他字符来制作它们
更容易阅读日志文件

，显然这里忽略了 ..考虑到连接的当前字符集 部分。

function StringReplaceExt(const S : string; OldPattern, NewPattern:  array of string; Flags: TReplaceFlags):string;
var
 i : integer;
begin
   Assert(Length(OldPattern)=(Length(NewPattern)));
   Result:=S;
   for  i:= Low(OldPattern) to High(OldPattern) do
    Result:=StringReplace(Result,OldPattern[i], NewPattern[i], Flags);
end;

function mysql_real_escape_string(const unescaped_string : string ) : string;
begin
  Result:=StringReplaceExt(unescaped_string,
    ['\', #39, #34, #0, #10, #13, #26], ['\\','\'#39,'\'#34,'\0','\n','\r','\Z'] ,
    [rfReplaceAll]
  );
end;

Sometime ago I wrote a delphi equivalent function, following the MySql Documentation about the mysql_real_escape_string function.

The string in from is encoded to an escaped SQL string, taking into
account the current character set of the connection. The result is
placed in to and a terminating null byte is appended. Characters
encoded are “\”, “'”, “"”, NUL (ASCII 0), “\n”, “\r”, and Control+Z.
Strictly speaking, MySQL requires only that backslash and the quote
character used to quote the string in the query be escaped.
mysql_real_escape_string() quotes the other characters to make them
easier to read in log files

obviously the part ..taking into account the current character set of the connection is ignored here.

function StringReplaceExt(const S : string; OldPattern, NewPattern:  array of string; Flags: TReplaceFlags):string;
var
 i : integer;
begin
   Assert(Length(OldPattern)=(Length(NewPattern)));
   Result:=S;
   for  i:= Low(OldPattern) to High(OldPattern) do
    Result:=StringReplace(Result,OldPattern[i], NewPattern[i], Flags);
end;

function mysql_real_escape_string(const unescaped_string : string ) : string;
begin
  Result:=StringReplaceExt(unescaped_string,
    ['\', #39, #34, #0, #10, #13, #26], ['\\','\'#39,'\'#34,'\0','\n','\r','\Z'] ,
    [rfReplaceAll]
  );
end;

回复收藏 0 原文

~没有更多了~