Hi!
Does anybody have a complete function for escaping special characters before making a write query to MySQL DB?
Something like:
https://stackoverflow.com/a/6478616/10205274
https://documentation.help/MySQL-Con...capeString.htm
but, should consider all anti-exploit cases. Including, % _ etc.
I'm using ADO (excel / vba).
Here is my code:
Also, can you suggest me please the article where all the special characters are listed.
Thank you.
Does anybody have a complete function for escaping special characters before making a write query to MySQL DB?
Something like:
https://stackoverflow.com/a/6478616/10205274
https://documentation.help/MySQL-Con...capeString.htm
but, should consider all anti-exploit cases. Including, % _ etc.
I'm using ADO (excel / vba).
Here is my code:
Code:
Private Sub testADO()
Const DB_DRIVER As String = "{MySQL ODBC 8.0 Unicode Driver}"
Const DB_SERVER As String = "ip"
Const DB_NAME As String = "db_name"
Const DB_USER As String = "user"
Const DB_PASS As String = "pass"
Const TABLE_NAME As String = "table"
Const adUseClient = 3, adOpenKeyset = 1, adOpenDynamic = 2, adOpenStatic = 3, adLockOptimistic = 3, adCmdText = 1
Dim oConnect As Object, oRecordSet As Object
Dim sName As String
Dim fld
Set oConnect = CreateObject("ADODB.Connection")
Set oRecordSet = CreateObject("ADODB.Recordset")
oConnect.Open "DRIVER=" & DB_DRIVER & ";SERVER=" & DB_SERVER & ";DATABASE=" & DB_NAME & ";USER=" & DB_USER & ";PASSWORD=" & DB_PASS & ";"
oRecordSet.CursorLocation = adUseClient
sName = "Some' \/; weird "" name"
oConnect.Execute "INSERT INTO " & TABLE_NAME & "(name, ver, cvar) values('" & sName & "', '1.0', 'test')"
oRecordSet.Open "SELECT * FROM " & TABLE_NAME, oConnect
Debug.Print "Total records - " & oRecordSet.RecordCount
oRecordSet.MoveFirst
Debug.Print String(50, "-")
For Each fld In oRecordSet.fields
Debug.Print fld.Name,
Next
Debug.Print
Do Until oRecordSet.EOF
For Each fld In oRecordSet.fields
Debug.Print fld.value,
Next
oRecordSet.MoveNext
Debug.Print
Loop
oRecordSet.Close
oConnect.Close
End Sub
Thank you.