Results 1 to 5 of 5

Thread: How to pass the value from the variable into the query

  1. #1
    Join Date
    Nov 2013
    Beans
    1

    How to pass the value from the variable into the query

    [C Programming Language]

    I've been try to perform the following query:

    Code:
    scanf("%32s", &user); (...)
    if(mysql_query(conn,"SELECT password From user where username='admin'"))
    
    //where you see 'admin' should be the value of the variable user
    how to pass the value from the variable user into the query?
    Ty guys!
    Last edited by QIII; November 5th, 2013 at 08:35 PM. Reason: formatting

  2. #2
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: How to pass the value from the variable into the query

    Moved to ​Programming Talk
    The Community Java Wiki * The Community ATI Driver Wiki * Find what you need in the Ubuntu Community wikis

    And seeing the terror on the faces of the people, QIII did speak to them, saying "Fear not the Terminal, for it is a road both swift and secure to the Great Mysteries of Linux without passing through the dangers of The Land of Ten Thousand Competing Desktop Environments."

  3. #3
    Join Date
    Nov 2005
    Location
    Bordeaux, France
    Beans
    11,297
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: How to pass the value from the variable into the query

    1. Do not use scanf().
    2. Essentially, you want something like
    Code:
    char query[SOME_SIZE];
    sprintf(query, "SELECT password From user where username='%s'", user);
    mysql_query(conn, query);
    but you have some input sanitisation to do. Since I am not a MySQL expert, I will leave this to others.
    「明後日の夕方には帰ってるからね。」


  4. #4
    Join Date
    Aug 2011
    Location
    47°9′S 126°43W
    Beans
    1,815
    Distro
    Kubuntu 12.10 Quantal Quetzal

    Re: How to pass the value from the variable into the query

    Use "prepared statements"?
    Warning: unless noted otherwise, code in my posts should be understood as "coding suggestions", and its use may require more neurones than the two necessary for Ctrl-C/Ctrl-V.

  5. #5
    Join Date
    May 2007
    Location
    Leeds, UK
    Beans
    1,664
    Distro
    Ubuntu 13.10 Saucy Salamander

    Re: How to pass the value from the variable into the query

    Quote Originally Posted by ofnuts View Post
    Use "prepared statements"?
    +1

    Concatenating strings to form queries means the database has to parse the SQL multiple times, which is an unnecessary overhead. With a prepared statement the query is parsed once and the variable is bound at execution time.

    Here is an example in C/MySQL:

    http://lgallardo.com/en/2011/06/23/s...mplo-completo/
    Please create new threads for new questions.
    Please wrap code in code tags using the '#' button or enter it in your post like this: [code]...[/code].

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •