0

I got the following sql_buildup_method... code is bit dirty but that s not the case

char *build_up_sql(char *inputName,char *inputMessage)
{
   char firstPartStatement[1064] ="INSERT INTO User (name, msg) VALUES (";
    char *endPartStatement =");";
    char *lightener = "'";  
    char *statement;

strcat(firstPartStatement,lightener);
strcat(firstPartStatement,inputName);
strcat(firstPartStatement,lightener);
strcat(firstPartStatement,",");
strcat(firstPartStatement,lightener);
strcat(firstPartStatement,inputMessage);
strcat(firstPartStatement,lightener);
strcat(firstPartStatement,endPartStatement);

statement = firstPartStatement; 

return statement;

}

void create_input(sqlite3 *handler,char *inputName,char *inputMessage)
{
    char *sql;

    sql = build_up_sql(inputName,inputMessage);
 // sql ="INSERT INTO User (name, msg) VALUES ('Susanne','hi all');";   
    printf("%s\n",sql);
    sqlite3_exec(handler,sql, NULL, NULL, NULL);
}

the printf gives the output: INSERT INTO User (name, msg) VALUES ('Susanne','hi all'); which is totally fine ... but the sqlite3_exec ignores it and isn't generating new database input .... if I leave the line sql ="INSERT INTO User (name, msg) VALUES ('Susanne','hi all');"; in the code the sqlite3_exec just works fine .... also putting everything in one function also solved the problem, but this shouldn't be an option.....

Improve this question

1 Answer 1

Reset to default
1

The problem here is that you are returning a pointer to a local variable, which is undefined behavior. When build_up_sql returns, the space on the stack for the local variables are reused.

The best solution is probably to add a parameter to build_up_sql that you use to put the string in. Something like:

char *build_up_sql(char *inputName, char *inputMessage, char *outputSql)
{
    const char firstPartStatement[] = "INSERT INTO User (name, msg) VALUES (";
    const char endPartStatement[] = ");";
    const char lightener[] = "'";

    strcpy(outputSql, firstPartStatement);
    strcat(outputSql,lightener);
    strcat(outputSql,inputName);
    strcat(outputSql,lightener);
    strcat(outputSql,",");
    strcat(outputSql,lightener);
    strcat(outputSql,inputMessage);
    strcat(outputSql,lightener);
    strcat(outputSql,endPartStatement);

    return outputSql;
}

void create_input(sqlite3 *handler, char *inputName, char *inputMessage)
{
    char sql[1024];

    char *sqlstr = build_up_sql(inputName, inputMessage, sql);

    printf("%s\n", sqlstr);
    sqlite3_exec(handler, sqlstr, NULL, NULL, NULL);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

it works....thank u very much... I really appreciate it.... I am just curious... I understand what you mean, but why do I get in the printf the correct String ?
@Fendrix Pure luck it works! :) Probably the stack hasn't been overwritten yet, so that's why it works in the printf call, but that call do overwrite the stack so the next call will not work.
thx... if I would have a reputation score over 15 I would vote ur answer as usefull ... but I am still on 14, so sorry ....:)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.