I am pretty sure I am using dbi_conn_queryf correctly, the code below is
actually much longer but I have shortened it to just show an example of the
issue. I have two column names, name and title, and want to read in two
string values using dbi_conn_queryf. I need to lock down the second value
being read into the DB and read it as is.

      sprintf (sql_columns, "name, title");
      sprintf (sql_string, "REPLACE into data (%s) VALUES (\"%s\", \"%s\")",
               sql_columns,
               GET_NAME (ch),
               ch->player.title ? ch->player.title : "None");

      result = dbi_conn_queryf (conn, sql_string);

I have tried the following, which I believe is on the right track, but the
program crashes as soon as it gets to dbi_conn_quote_string_copy. I try to
use dbi_conn_quote_string_copy to keep the bad string locked down, and then
use dbi_conn_queryf to read the new locked down value into the db. Sadly, I
am not the greatest C coder so I am probably overlooking something
relatively simple to make this work.

      char *pTitle = NULL;
      char *pTitle2 = NULL;

      if ((ch)->player.title)
        {
          sprintf (pTitle, (ch)->player.title);
        }
      else
        {
          sprintf (pTitle, "None");
        }

      dbi_conn_quote_string_copy (conn, pTitle, &pTitle2);

      sprintf (sql_columns, "name, title");
      sprintf (sql_string, "REPLACE into data (%s) VALUES (\"%s\", \"%s\")",
               sql_columns,
               GET_NAME (ch),
               pTitle2);

      result = dbi_conn_queryf (conn, sql_string);



Thank you for any help or thoughts provided and the library!


On Fri, Jan 10, 2014 at 8:40 AM, Markus Hoenicka <
markus.hoeni...@mhoenicka.de> wrote:

> On 2014-01-10 14:17, Markus Hoenicka wrote:
>
>
>
> If I understand you correctly, you attempt to insert a value containing the
> string "%s Saints going down tonight!!!!!" using the libdbi function 
> dbi_conn_queryf(). Thing is, dbi_conn_queryf() is intended to make 
> dbi_conn_query() behave somewhat like sprintf() in that you can specify a 
> formatting string containing placeholders like "%s", followed by parameters 
> that are filled in. If you want to preserve the "%s" literally, you either 
> need to escape or quote the values properly, or you should rather use 
> dbi_conn_query() which sends the string parameter to the db engine literally. 
> You still need to watch out for proper quoting and escaping as per the 
> language specs of your db engine.
>
>   I forgot to mention that the dbi_conn_quote_string() and 
> dbi_conn_escape_string() functions and their relatives can do the quoting and 
> escaping for you, please check the manual.
>
> regards,
>
> Markus
>
> --
> Markus Hoenicka
> http://www.mhoenicka.de
> AQ score 38
>
>
>
> _______________________________________________
> libdbi-users mailing list
> libdbi-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/libdbi-users
>
>
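
The two layers this thread touches on, as an added example that is not part of the original messages or of libdbi: user data is first SQL-quoted, then handed to the printf-style call only as an argument, so a title containing "%s" survives literally. It runs without a database: quote_copy() is a hypothetical stand-in for dbi_conn_quote_string_copy(), snprintf() stands in for dbi_conn_queryf(), and build_replace() and the sample values are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for dbi_conn_quote_string_copy(): returns a malloc'd
 * copy of orig in single quotes with embedded quotes doubled (standard SQL).
 * The real libdbi call applies the active driver's rules instead. */
static char *quote_copy(const char *orig)
{
    char *out = malloc(2 * strlen(orig) + 3); /* all quotes + 2 + NUL */
    char *p = out;
    if (out == NULL)
        return NULL;
    *p++ = '\'';
    for (; *orig != '\0'; orig++) {
        if (*orig == '\'')
            *p++ = '\'';
        *p++ = *orig;
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* User data reaches the printf-style call only as arguments, never inside
 * the format string. Returns 0 on success, -1 on error or truncation. */
int build_replace(char *sql, size_t size, const char *name, const char *title)
{
    char *qname = quote_copy(name);
    char *qtitle = quote_copy(title != NULL ? title : "None");
    int n = -1;
    if (qname != NULL && qtitle != NULL) /* same shape as dbi_conn_queryf() */
        n = snprintf(sql, size,
                     "REPLACE INTO data (name, title) VALUES (%s, %s)",
                     qname, qtitle);
    free(qname);
    free(qtitle);
    return (n >= 0 && (size_t)n < size) ? 0 : -1;
}

int main(void)
{
    char sql[256];
    const char *title = "%s Saints going down tonight!!!!!"; /* constructed */
    if (build_replace(sql, sizeof sql, "O'Brien", title) == 0)
        puts(sql);
    return 0;
}
```

The quoted values already carry their own quote characters, so the format string contains bare %s placeholders rather than \"%s\".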