Thread: creating query string from variables

  1. #1
    Join Date
    Jan 2007
    Posts
    38
    Thanks
    12
    Qt products
    Qt4
    Platforms
    Windows

    creating query string from variables

    I am trying to create a string with the values of some variables as follows

    const char *quer = "insert into comm_records (caller_id,userID,c_area,c_duration,c_date) values ('"+number+"','"+userID+"','"+area+"','"+duration+ "','"+date+"')";

    All the identifiers between the + signs are variables, and I am trying to form a string with the values of those variables. I keep getting the following error:

    : error C2110: '+' : cannot add two pointers
    None of the variables are pointers, some are integers and some are strings. Could someone give me some pointers on how to achieve what I want to do?

    Thanks.

  2. #2
    Join Date
    Jan 2006
    Location
    Warsaw, Poland
    Posts
    5,372
    Thanks
    28
    Thanked 976 Times in 912 Posts
    Qt products
    Qt3 Qt4
    Platforms
    Unix/X11 Windows

    Re: creating query string from variables

    Quote Originally Posted by locus
    I am trying to create a string with the values of some variables as follows
    Make sure you validate all of those variables or your application might be vulnerable to an SQL injection attack. If you use Qt, consider using QSqlQuery::bindValue().

    Quote Originally Posted by locus
    None of the variables are pointers, some are integers and some are strings. Could someone give me some pointers on how to achieve what I want to do?
    In C++ string literals are treated as pointers, so you can't concatenate them using the + operator. Instead you have to use the strcat() function, the std::string class or QString (if you are using Qt).

    The second problem is that you can't concatenate a string and an integer (or any other type). First you have to convert the latter to a string, for example using boost::lexical_cast or std::stringstream. In Qt you can use QString::arg() and QString::number().
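
Added example, not part of any post in this thread: the two suggestions from post #2 in standard C++, with each variable checked against an allow-list before it reaches the query and `std::ostringstream` used to mix strings and integers. The `buildInsert` helper, the field formats and the sample values are assumptions made for illustration; with Qt, `QSqlQuery::bindValue()` as named in post #2 passes the values separately from the statement text.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>

// Allow-list check: non-empty, bounded length, every character permitted.
static bool allOf(const std::string &s, std::size_t maxLen, bool (*ok)(unsigned char)) {
    if (s.empty() || s.size() > maxLen) return false;
    for (unsigned char c : s)
        if (!ok(c)) return false;
    return true;
}
static bool phoneChar(unsigned char c) { return std::isdigit(c) || c == '+'; }
static bool areaChar(unsigned char c)  { return std::isalnum(c) || c == ' '; }
static bool dateChar(unsigned char c)  { return std::isdigit(c) || c == '-'; }

// Assumed formats (not stated in the thread): caller_id is digits and '+',
// c_area is alphanumeric, c_date is YYYY-MM-DD, userID and duration are ints.
// Returns false and leaves `out` untouched if any field fails validation.
bool buildInsert(const std::string &number, int userID, const std::string &area,
                 int duration, const std::string &date, std::string &out) {
    if (!allOf(number, 20, phoneChar) || !allOf(area, 40, areaChar)) return false;
    if (date.size() != 10 || !allOf(date, 10, dateChar) || date[4] != '-' ||
        date[7] != '-' || std::count(date.begin(), date.end(), '-') != 2)
        return false;
    if (userID < 0 || duration < 0) return false;

    // The stream converts the ints, which '+' on string literals cannot do.
    std::ostringstream q;
    q << "insert into comm_records (caller_id,userID,c_area,c_duration,c_date) values ('"
      << number << "','" << userID << "','" << area << "','" << duration << "','"
      << date << "')";
    out = q.str();
    return true;
}

int main() {
    std::string sql;
    // Constructed sample values.
    if (buildInsert("+48221234567", 42, "Warsaw", 180, "2007-04-04", sql))
        std::cout << sql << '\n';
    // An apostrophe would end the quoted literal early, so the value is rejected.
    if (!buildInsert("+48221234567", 42, "O'Brien", 180, "2007-04-04", sql))
        std::cout << "rejected\n";
    return 0;
}
```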

  3. #3
    Join Date
    Aug 2006
    Posts
    221
    Thanks
    3
    Thanked 29 Times in 19 Posts

    Re: creating query string from variables

    First of all, jacek is right when he points to the risk of injection attacks.
    So building an SQL query directly with input from user data is potentially dangerous.
    However, if you don't care or if it does not apply to you, I like the following way to build complicated strings:

    Qt Code:
    #include <QString>
    #include <QTextStream>

    // The stream appends to queryString; number and userID are the
    // variables from the question and are written as-is, without escaping.
    QString queryString;
    QTextStream queryStream(&queryString);

    queryStream
    << "INSERT INTO comm_records (caller_id, userID) VALUES ('"
    << number << "','"
    << userID << "');";

    Afterwards you find your desired statement in queryString.
