0

I'm writing a C program with a MySQL database connection and I'm having difficulties creating my MySQL queries...

I want to use a variable integer in my MySQL query, but I can't seem to get it right...

My current query looks like this...

mysql_query(conn, "INSERT INTO markerherkenning (MARKER_ID, DATETIME) values(1, CURRENT_TIME())");

My marker_ID value should be a variable value, so I can reduce my code...

I have used this guide to get me going... (http://zetcode.com/tutorials/mysqlcapitutorial)

Thanks for helping

7
  • Can you build it into the string? I.e.: "INSERT INTO markerherkenning (MARKER_ID, DATETIME) values(" + variable + "CURRENT_TIME())". I forget how to do this in C exactly, but that kind of thing. Commented May 9, 2011 at 18:05
  • @Chris: please do not suggest that people open themselves up to SQL injection. Commented May 9, 2011 at 18:07
  • @Chris: building SQL statements by concatenating strings blindly is a recipe for disaster. Commented May 9, 2011 at 18:17
  • 1
    @Wooble: not sure how converting an integer value to a string internally opens you up to an injection attack. Commented May 9, 2011 at 18:18
  • @jordi: are you using mysql++ or C? mysql++ is a library for C++. Commented May 9, 2011 at 18:18

3 Answers

2

Something like this:


/* %d belongs in the VALUES list; the column list keeps the column name MARKER_ID */
sprintf(request, "INSERT INTO markerherkenning (MARKER_ID, DATETIME) values(%d, CURRENT_TIME())", marker_id);

First, you build a string containing your request with sprintf (or snprintf), and then use it for the SQL query.


1

If this is something you need to execute more than once, you might want to use a prepared statement. It's a bit more work, but it buys you some safety and performance. Not to mention you don't have to convert between strings and other types all the time.

2 Comments

yeah, but now it's 50 lines of code... and it would change to +100... so i prefer to change :)
@Jordi: c'est la logiciel. Obviously, there are tradeoffs; if this is a toy app for your own amusement, it may not be worth the extra effort. If this is something that's meant to go live, though, you definitely want to put that extra effort into it.
0

You have to convert MARKER_ID to a string, then append it to the first part of your query and finally append the rest of it.

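/* needs <stdio.h>, <stdlib.h> and <string.h> */
char *query = malloc(128);
char num[12];   /* room for a 32-bit int: sign, 10 digits, NUL */

/* MARKER_ID is the int variable here; snprintf turns it into text (atoi converts the other way) */
snprintf(num, sizeof num, "%d", MARKER_ID);

strcpy(query, "INSERT INTO markerherkenning (MARKER_ID, DATETIME) values(");
strcat(query, num);
strcat(query, ", CURRENT_TIME())");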

4 Comments

@Bryan Drewery: yeah, fixed it. Thanks :)
And how do I implement this in my MySQL query? mysql_query(conn, query); ? My program crashed @ char *num = atoi(var);
num = atoi(var) isn't recognized Error 11 error C2106: '=' : left operand must be l-value... :s
My solution... Thanks for helping: char *state; char buffer[256]; state = "INSERT INTO markerherkenning (MARKER_ID , DATETIME) VALUES('%d',CURRENT_TIME())"; len = sprintf(buffer, state, t); mysql_real_query(conn, buffer, len); This works :)
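The thread ends on formatting the integer into a buffer and passing buffer and length to mysql_real_query. The sketch below is an added example, not code from any post above: it shows that pattern with the two checks it depends on, a strict text-to-int parse for ids that arrive as strings and a truncation check on snprintf. The helper names `parse_marker_id` and `build_marker_insert` are hypothetical and the sample inputs are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: accept only a whole decimal integer in int range. */
int parse_marker_id(const char *text, int *out)
{
    char *end;
    long v;
    if (text == NULL || !(isdigit((unsigned char)*text) || *text == '-'))
        return -1;                 /* empty, leading space or '+', or not a number */
    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || *end != '\0')
        return -1;                 /* trailing bytes, e.g. "7 OR 1=1" */
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

/* Hypothetical helper: returns the query length for mysql_real_query(), or -1 if it did not fit. */
int build_marker_insert(char *buf, size_t cap, int marker_id)
{
    int n = snprintf(buf, cap,
        "INSERT INTO markerherkenning (MARKER_ID, DATETIME) "
        "VALUES(%d, CURRENT_TIME())", marker_id);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    const char *samples[] = { "42", "7 OR 1=1", "99999999999" }; /* constructed */
    char query[128];
    int id, len;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_marker_id(samples[i], &id) != 0) {
            printf("rejected: %s\n", samples[i]);
            continue;
        }
        len = build_marker_insert(query, sizeof query, id);
        if (len > 0)   /* real code would now call mysql_real_query(conn, query, len) */
            printf("%d bytes: %s\n", len, query);
    }
    return 0;
}
```

Once the value is an `int`, `%d` can only emit digits and a sign; values that are strings rather than integers are the case the prepared-statement answer addresses.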
