1

I am probably using a wrong symbol for the NSString type to be included in another string.

const char* error; //it's set, not nil
NSLog([NSString stringWithFormat : @"Problem with SQL statement in \n %@ \n %@",sqlQuery,[NSString stringWithUTF8String:error]]);

The expression works, but I am getting this warning:

Formatting string is not a string literal(potentially insecure)

Is there a way to get rid of the warnings?

4
  • Just for starters the posted code is missing a trailing "]". As always, break up compound statements, especially when debugging. NSLog() after each step or use the debugger to inspect after each step. Commented Jun 6, 2014 at 20:04
  • 1
    Do you have this whole statement within an NSLog()? Commented Jun 6, 2014 at 20:07
  • yes, it's in NSLog, see the edit Commented Jun 6, 2014 at 20:09
  • Get rid of both uses of stringWithFormat: and use %s instead of %@ for error. Commented Jun 6, 2014 at 20:19

4 Answers

2

According to NSLog implementation, the function expects a constant string or a format specifier string as its first argument.

You need to use:

NSLog(@"Problem with SQL statement in [BSurfSpotDBOperations allSpots] \n %@ \n %@",sqlQuery,[NSString stringWithUTF8String:error]);

2

Format strings in NSLog() statements must be constant strings or there will be a warning. Re-write the code to make the format portion a string literal.

In general avoid complex compound statements. Temporary variables make the code more readable and potentially less buggy. The compiler is quite good at eliminating temporaries at release compile-time.

Example:

const char* error; //it's set, not nil
NSString *errorString = [NSString stringWithUTF8String:error];
NSLog(@"Problem with SQL statement in [BSurfSpotDBOperations allSpots] \n %@ \n %@", sqlQuery, errorString);

2 Comments

Even better - get rid of errorString and use %s to directly log error. No need for the NSString.
From a debugging POV the extra statements might expose the error, perhaps it is not really set, not null terminated, etc. Note that the error statement was not included in the original question. Generally when debugging there is an incorrect assumption, verifying each step helps expose the incorrect assumption.
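
Why the warning matters for this particular log line, as an added example that is not part of the original thread: SQL text often contains `%` (a LIKE pattern such as `'%surf%'` contains `%s`), so a pre-built message must only ever be passed as an argument to a literal format. The helper `SQLErrorMessage`, the sample query and the sample error text are hypothetical and constructed for illustration.

```objective-c
#import <Foundation/Foundation.h>

// Hypothetical helper (not from the page): builds the log message from
// untrusted pieces using a literal format string only.
static NSString *SQLErrorMessage(NSString *sqlQuery, const char *error) {
    // stringWithUTF8String: must not be given NULL and returns nil when the
    // bytes are not valid UTF-8, so handle both cases before formatting.
    NSString *errorString = nil;
    if (error != NULL) {
        errorString = [NSString stringWithUTF8String:error];
    }
    if (errorString == nil) {
        errorString = (error == NULL) ? @"(no error text)"
                                      : @"(error text is not valid UTF-8)";
    }
    // Literal format: sqlQuery and errorString are data arguments, so any
    // '%' they contain is copied through and never parsed as a specifier.
    return [NSString stringWithFormat:@"Problem with SQL statement in \n %@ \n %@",
                                      sqlQuery, errorString];
}

int main(void) {
    @autoreleasepool {
        // Constructed sample input: the LIKE pattern contains "%s".
        NSString *sqlQuery = @"SELECT * FROM spots WHERE name LIKE '%surf%'";
        const char *error = "near \"LIKE\": syntax error";

        NSString *message = SQLErrorMessage(sqlQuery, error);

        // Flagged form from the question: message becomes the format string,
        // so "%s" in the query would be read as a specifier with no argument.
        // NSLog(message);

        // Safe forms: the format is a literal, the data is only an argument.
        NSLog(@"%@", message);
        NSLog(@"Problem with SQL statement in \n %@ \n %s", sqlQuery, error);

        // A NULL error pointer is handled by the helper.
        NSLog(@"%@", SQLErrorMessage(sqlQuery, NULL));
    }
    return 0;
}
```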
1

stringWithFormat is unnecessary here since NSLog() gives you similar options. You could simply change it to this:

NSLog(@"Problem with ... \n %@ \n %@", sqlQuery,[NSString stringWithUTF8String:error]);

This will eliminate the warning since the NSLog knows it isn't going to run into a string literal it doesn't know what to do with, which is a security concern.

0

Try this method:

NSLog(@"Problem with SQL statement in [BSurfSpotDBOperations allSpots] \n %@ \n %@"
,sqlQuery,[NSString stringWithUTF8String:error]);

I think you can also translate [NSString stringWithUTF8String:error] by error

Think this can help you ;)
