Quotes from the documentation:
"You must allocate the to buffer to be at least length*2+1 bytes long. (In the worst case, each character may need to be encoded as using two bytes, and you need room for the terminating null byte.)"
"The return value is the length of the encoded string, not including the terminating null character."
http://dev.mysql.com/doc/refman/5.6/en/mysql-real-escape-string.html
if (param < p.size())
{
std::string parm = p[param++];
if (param < p.size())
{
std::string parm = p[param++];
- char buffer[MAXBUF];
- mysql_escape_string(buffer, parm.c_str(), parm.length());
+ // In the worst case, each character may need to be encoded as using two bytes,
+ // and one byte is the terminating null
+ std::vector<char> buffer(parm.length() * 2 + 1);
+
+ // The return value of mysql_escape_string() is the length of the encoded string,
+ // not including the terminating null
+ unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length());
// mysql_real_escape_string(connection, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length());
// mysql_real_escape_string(connection, queryend, paramscopy[paramnum].c_str(), paramscopy[paramnum].length());
+ res.append(&buffer[0], escapedsize);
if (it != p.end())
{
std::string parm = it->second;
if (it != p.end())
{
std::string parm = it->second;
- char buffer[MAXBUF];
- mysql_escape_string(buffer, parm.c_str(), parm.length());
- res.append(buffer);
+ // NOTE: See above
+ std::vector<char> buffer(parm.length() * 2 + 1);
+ unsigned long escapedsize = mysql_escape_string(&buffer[0], parm.c_str(), parm.length());
+ res.append(&buffer[0], escapedsize);