if (param < p.size())
{
std::string parm = p[param++];
- char buffer[MAXBUF];
- mysql_escape_string(buffer, parm.c_str(), parm.length());
+ // In the worst case, each character may need to be encoded as using two bytes,
+ // and one byte is the terminating null
+ std::vector<char> buffer(parm.length() * 2 + 1);
+
+ // The return value of mysql_escape_string() is the length of the encoded string,
+ // not including the terminating null
+ unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length());
// mysql_real_escape_string(connection, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length());
- res.append(buffer);
+ res.append(&buffer[0], escapedsize);
}
}
}
if (it != p.end())
{
std::string parm = it->second;
- char buffer[MAXBUF];
- mysql_escape_string(buffer, parm.c_str(), parm.length());
- res.append(buffer);
+ // NOTE: See above
+ std::vector<char> buffer(parm.length() * 2 + 1);
+ unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length());
+ res.append(&buffer[0], escapedsize);
}
}
}
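Review bot: Both `mysql_escape_string(&buffer[0], ...)` calls still escape without reference to the connection, so although the output buffer is now sized correctly (`parm.length() * 2 + 1`), the escaping cannot take the connection's character set into account and can be wrong for multi-byte character sets. The commented-out line kept in the first site already names the connection-aware call; if a connection handle is reachable here, I would change both sites to `unsigned long escapedsize = mysql_real_escape_string(connection, &buffer[0], parm.c_str(), parm.length());` and check the return value before appending, since newer client libraries can report failure through it. The same three lines now appear twice, tied together only by a "See above" comment, so a small file-local helper that escapes `parm` and appends to `res` would keep the sizing rule in one place. The enclosing function starts and ends outside the visible lines, so whether `connection` is in scope at these points cannot be confirmed from here.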