QTSql String Quoteing

**ldsjohn** · 4th December 2006, 22:45

I recently discovered an issue in an application I have created, where someone can put a ' in an entry field and cause the query to screw up..

I know in php I have many functions to quote sql properly, but I can't seam to find one included with QSql or even one wrote in c++ for that matter?

if anyone with experience with this could point me in the right direction, towards such a function I would very much appreciate it :-D

**jacek** · 4th December 2006, 23:05

Use QSqlQuery::bindValue() and forget about quotes.

**ldsjohn** · 4th December 2006, 23:49

well I think thats what I was looking for, do you know of a good tutorial for doing so

right now I am jsut putting my query into a Qstring then using the exec function to get the query and going from there

but this looks like I have to use qsql to build the query, probabally a better way of doing it thoguh

**jacek** · 4th December 2006, 23:58

Originally Posted by ldsjohn

well I think thats what I was looking for, do you know of a good tutorial for doing so

Whole tutorial for one method?

Qt Code:

Switch view

QSqlQuery q;
q.prepare( "INSERT INTO some_table( some_column ) VALUES ( :some_value )" );
q.bindValue( ":some_value", _someValue );
if( q.exec() ) {
   // ok
}
else {
   // error
}

QSqlQuery q;
q.prepare( "INSERT INTO some_table( some_column ) VALUES ( :some_value )" );
q.bindValue( ":some_value", _someValue );
if( q.exec() ) {
   // ok
}
else {
   // error
}

To copy to clipboard, switch view to plain text mode

Just watch out for the placeholders --- you'll get interesting results if you forget one bindValue() or make a typo in placeholder name.

Instead of ":name" you can use "?" (in such case you'll have to specify a number as the first argument for bindValue()).

**ldsjohn** · 5th December 2006, 00:01

thanks, I am normally not so clueless, long day, I am a one man dev team for a construciton type company and this one problem has gotten me too many phone calls to count today...

thanks a bunch

**ldsjohn** · 5th December 2006, 00:04

one other question if you have a moment, can I reuse q, like if I have three querys is there somethign i should do to to clear it, or can I just q.prepare again?

**jacek** · 5th December 2006, 00:12

Originally Posted by ldsjohn

can I reuse q, like if I have three querys is there somethign i should do to to clear it, or can I just q.prepare again?

AFAIK prepare() should be enough, but of course if you want to execute the same query several times, it will be enough if you prepare it once.

Thread: QTSql String Quoteing

Thread Tools

Search Thread

Display

QTSql String Quoteing

Re: QTSql String Quoteing

Re: QTSql String Quoteing

Re: QTSql String Quoteing

Re: QTSql String Quoteing

Re: QTSql String Quoteing

Re: QTSql String Quoteing

Similar Threads

String value

Create pixmap image from string

inserting string > 127 characters to MS Access

How to get size (length, width ....) of string or char

signal slot conection using a string, not a SLOT

Bookmarks

Bookmarks

Posting Permissions