At 2014-01-10 15:56, Rick Robinson was heard to say: 

> I have tried the following, which I believe is on the right track but the 
> program crashes as soon as it gets to dbi_conn_quote_string_copy. I try to 
> use dbi_conn_quote_string_copy to keep the bad string locked down, and then 
> use dbi_conn_queryf to read the new locked down value into the db. Sadly, I 
> am not the greatest C coder so I am probably overlooking something relatively 
> simple to make this work. 
>
>     char *pTitle=NULL;
>     char *pTitle2=NULL;
>     if ((ch)->player.title)
>     {
>         sprintf (pTitle, (ch)->player.title);
>     }
>     else
>     {
>         sprintf (pTitle, "None");
>     }
>     dbi_conn_quote_string_copy(conn, pTitle, &pTitle2);
>     sprintf (sql_columns, "name, title");
>     sprintf (sql_string, "REPLACE into data (%s) VALUES (\"%s\", \"%s\")",
>              sql_columns,
>              GET_NAME (ch),
>              pTitle2 );
>     result = dbi_conn_queryf (conn, sql_string);

Well, this is not a list about C coding, but it looks like you sprintf()
some string to a non-allocated buffer. I'm just wondering why the code
doesn't crash in sprintf() then.

In any case, it is far simpler to use dbi_conn_quote_string_copy() on
the assembled SQL query string rather than on single items. E.g. the
quoted string is surrounded by escape characters, and you subsequently
wrap another pair around the title. This does not seem to generate valid
SQL. Also, if you don't use the printf()-like capabilities of
dbi_conn_queryf(), there is no point in using this function. Use
dbi_conn_query() instead.


Markus Hoenicka
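
The per-value route the question attempts, as an added example that is not part of the original thread or of libdbi: the NULL title is handled without writing through an unallocated pointer, the data is never used as a format string, and the already-quoted values go into the statement with plain `%s`. `quote_sql_literal()` and `build_replace_query()` are hypothetical names; the former is a simplified stand-in for `dbi_conn_quote_string_copy()` (real escaping is driver-specific), and `name` is assumed non-NULL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for dbi_conn_quote_string_copy(): doubles each ' and
 * wraps the result in single quotes. Returns the new length, or 0 on failure;
 * the caller frees *out. */
static size_t quote_sql_literal(const char *orig, char **out)
{
    size_t n = strlen(orig), extra = 0, i, j = 0;
    for (i = 0; i < n; i++)
        if (orig[i] == '\'') extra++;
    *out = malloc(n + extra + 3);           /* two quotes + NUL */
    if (*out == NULL) return 0;
    (*out)[j++] = '\'';
    for (i = 0; i < n; i++) {
        if (orig[i] == '\'') (*out)[j++] = '\'';
        (*out)[j++] = orig[i];
    }
    (*out)[j++] = '\'';
    (*out)[j] = '\0';
    return j;
}

/* Builds the REPLACE statement into buf. Returns 0 on success, -1 if quoting
 * fails or the statement does not fit in buflen bytes. */
static int build_replace_query(const char *name, const char *title,
                               char *buf, size_t buflen)
{
    char *qname = NULL, *qtitle = NULL;
    int rc = -1, len;

    if (title == NULL) title = "None";      /* no sprintf() into a NULL pointer */
    if (quote_sql_literal(name, &qname) && quote_sql_literal(title, &qtitle)) {
        /* Values arrive already quoted: plain %s, no second quote pair.
         * The data is an argument here, never the format string. */
        len = snprintf(buf, buflen,
                       "REPLACE into data (name, title) VALUES (%s, %s)",
                       qname, qtitle);
        if (len >= 0 && (size_t)len < buflen) rc = 0;
    }
    free(qname);                            /* free(NULL) is a no-op */
    free(qtitle);
    return rc;
}
```

With libdbi the finished string would go to `dbi_conn_query()`, since no printf-style expansion is left to do.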
libdbi-users mailing list
