Prepare strings for inclusion in statements
\*(T<#include <opendbx/api.h>\*(T>
\*(T<int odbx_escape\*(T> \kx \*(T<(odbx_t* handle, const char* from, unsigned long fromlen, char* to, unsigned long* tolen);\*(T>
\*(T<odbx_escape\*(T>() neutralizes potentially dangerous characters of the string so it can be used as part of a statement. For security reasons every user input has to be passed to \*(T<odbx_escape\*(T>() to avoid SQL injection attacks which can have fatal consequences! It's also a good idea to escape strings returned from database fields again if you want to use them in a query because they don't stay escaped once they are returned as part of a record.
Most backends require the buffer to be more than twice as long as the input string. To be precise, the output buffer must be 2 * size of input + 1 bytes long. After successfully escaping the characters in \*(T<from\*(T>, they are written into the memory provided via \*(T<to\*(T> and the value/result parameter \*(T<tolen\*(T> is updated to the new length of \*(T<to\*(T> in the end.
The first parameter \*(T<handle\*(T> is the connection object created and returned by \*(T<odbx_init\*(T>() which becomes invalid as soon as it was supplied to \*(T<odbx_finish\*(T>().
\*(T<from\*(T> has to point to a character string containing the string which should be used as part of a statement. It doesn't have to be zero-terminated because the length of it is also given via \*(T<fromlen\*(T>. The backends may support variable width character sets like UTF-8 but this function doesn't support the wide char type (wchar_t) where each character has a fixed size of two or four bytes.
The value of the parameter \*(T<fromlen\*(T> must be the length in bytes of the string which \*(T<from\*(T> is pointing to. This is also true for variable width character sets like UTF-8 but the wide char type (wchar_t) is not supported. The terminating \0 character shouldn't be part of \*(T<fromlen\*(T>.
The calling function provides a buffer for storing the escaped string via \*(T<to\*(T>. In general, the length of the buffer should be more than twice as long as the string passed via \*(T<from\*(T> to be able to store the escaped string even if every character has to be escaped.
\*(T<tolen\*(T> is a value-result parameter which points to an integer variable in the calling function. It must contain the original length of the buffer given via \*(T<to\*(T> and if escaping the string in \*(T<from\*(T> suceeded, \*(T<odbx_escape\*(T>() will store the new length of the escaped string in this variable.
\*(T<odbx_escape\*(T>() returns \*(T<ODBX_ERR_SUCCESS\*(T>, or an error code whose value is less than zero if one of the operations couldn't be completed successfully. Possible error codes are listed in the error section and they can be feed to \*(T<odbx_error\*(T>() and \*(T<odbx_error_type\*(T>() to get further details.
-\*(T<ODBX_ERR_BACKEND\*(T>
The native database library returned an error because it wasn't able to escape the given string to be suitable for a statement
-\*(T<ODBX_ERR_PARAM\*(T>
One of the supplied parameters is invalid or is NULL and this isn't allowed in the used backend module or in the native database client library
-\*(T<ODBX_ERR_SIZE\*(T>
The length of the escaped string exceeds or is likely to exeed the available buffer (before 1.1.4 the name of the label was \*(T<ODBX_ERR_TOOLONG\*(T> but the value is still the same)
\*(T<odbx_error\*(T>(), \*(T<odbx_error_type\*(T>(), \*(T<odbx_query\*(T>()