Results 1 to 5 of 5

Thread: How to pass the value from the variable into the query

  1. #1
    Join Date
    Nov 2013
    Beans
    1

    How to pass the value from the variable into the query

    [C Programming Language]

    I've been try to perform the following query:

    Code:
    scanf("%32s", &user); (...)
    if(mysql_query(conn,"SELECT password From user where username='admin'"))
    
    //where you see 'admin' should be the value of the variable user
    how to pass the value from the variable user into the query?
    Ty guys!
    Last edited by QIII; November 5th, 2013 at 08:35 PM. Reason: formatting

  2. #2
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: How to pass the value from the variable into the query

    Moved to ​Programming Talk

  3. #3
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How to pass the value from the variable into the query

    1. Do not use scanf().
    2. Essentially, you want something like
    Code:
    char query[SOME_SIZE];
    sprintf(query, "SELECT password From user where username='%s'", user);
    mysql_query(conn, query);
    but you have some input sanitisation to do. Since I am not a MySQL expert, I will leave this to others.
    「明後日の夕方には帰ってるからね。」


  4. #4
    Join Date
    Aug 2011
    Location
    47°9′S 126°43W
    Beans
    2,005
    Distro
    Kubuntu 12.10 Quantal Quetzal

    Re: How to pass the value from the variable into the query

    Use "prepared statements"?
    Warning: unless noted otherwise, code in my posts should be understood as "coding suggestions", and its use may require more neurones than the two necessary for Ctrl-C/Ctrl-V.

  5. #5
    Join Date
    May 2007
    Location
    Leeds, UK
    Beans
    1,664
    Distro
    Ubuntu 13.10 Saucy Salamander

    Re: How to pass the value from the variable into the query

    Quote Originally Posted by ofnuts View Post
    Use "prepared statements"?
    +1

    Concatenating strings to form queries means the database has to parse the SQL multiple times, which is an unnecessary overhead. With a prepared statement the query is parsed once and the variable is bound at execution time.

    Here is an example in C/MySQL:

    http://lgallardo.com/en/2011/06/23/s...mplo-completo/
    Please create new threads for new questions.
    Please wrap code in code tags using the '#' button or enter it in your post like this: [code]...[/code].

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •