0

I get some annoying warnings while trying to connect to a Mysql db.

Here's the code:

#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <mysql/mysql.h>
#include <string.h>

const char* host = "localhost";
char *database="Dbis_RG";
char user_name[10];
char passwd[10];

MYSQL_ROW row;
MYSQL_RES* result;
MYSQL_FIELD* field;

int main ()
{

    system("clear");


    printf("Insert yur user name: \n");
    scanf("%s", &user_name);

    printf("Insert your passwd: \n");
    scanf("%s", &passwd);


    MYSQL *conn;

   conn = mysql_init(NULL);


    /* Connection to database */
      if (!mysql_real_connect(conn, host,
            user_name, passwd, database, 0, NULL,CLIENT_MULTI_STATEMENTS)) {
            fprintf(stderr, "%s\n", mysql_error(conn));
            exit(EXIT_SUCCESS);
            } 



        printf ("Connection successful.\n");


}

As a matter of fact I get these warnings, but I don't see how I could get rid of them:

1.0.c: In function ‘main’:
1.0.c:23: warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)[10]’
1.0.c:26: warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)[10]’

Thank you very much

Mauro

Improve this question
1
  • 9
    Hello @Mauro ! We are so excited that you are participating in Stack Overflow. However, we've noticed that you have asked us several questions in the past but have not accepted any answers. Will you go back and accept some answers to your previous questions? You can do this by clicking the green checkmark. Commented Sep 14, 2011 at 21:48

4 Answers 4

Reset to default
3

You could do it like this:

scanf("%s", user_name);
scanf("%s", passwd);

But it's not a good idea. Use fgets instead. Check your manual page. And for further details, try to make people motivated to answer your questions.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

thanks for your answer. It actually works, but you say that's not a good idea..does that mean it's not ansi C?..If I use fgets does that solve the problem the same way? thanks
@Mauro -- please read what @ Tomer already said and fix your mistake! He didn't say it wasn't ansi C; he said what you wrote was a security hole and was dangerous.
also, if you don't want to use fgets, you can limit the # of bytes scanf reads by doing %9s (no space) or %9c (with space) to read only 9 characters, so scanf("%9s", user_name);
2
  1. What brain said.
  2. You're using scanf() in a non-safe way - if my name is more than 10 characters long (or if I just want to break your program) the scanf() call will overflow beyond the array. Use scanf("%9s", user_name); instead (I think you need to leave room for the '\0' at the end).
Improve this answer

Comments

0

username and passwd are already arrays, so you should get rid of the "&" when using scanf.

Improve this answer

3 Comments

Call them what you want. They are memory addresses :)
@brain: you should read section 6 of the c-faq. And once you're there, read the other sections too :P
@pmg: The point is the function expects a pointer, and that's what it gets in that respect. Even if the argument passed is an array. Now, changed my answer as not to confuse people. :p
-1

I solved the problem by using strlen...I check the input through strlen and if it's greater than the specified array size a suitable warning prevents the user to carry on...Do you think it's a good idea ?

Improve this answer

1 Comment

No! After the scanf, if more characters were read than the space reserved for them, the harm is already done. You cannot undo the harm with a warning.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.