> rc = sqlite3_bind_text(insert_stmt, 1, eventtype, sizeof(eventtype),
> NULL);
You measure size of pointer eventtype here. If you want to know size
of the string it points to you need to call strlen(eventtype) instead
of sizeof(eventtype).
Pavel
On Mon, Jun 18, 2012 at 4:26 PM, deltagam...@gmx.net
<deltagam...@gmx.net> wrote:
> I defined in main() my char intype[]="chattinges";
> and call the insert_in_db with insert_in_db(intype, 7);
> but in the db is written only chat instead of chattings.
> Where is the problem ?
>
>
> void insert_in_db(char const *eventtype, int zaehler) {
>
> int rc;
> char *exec_errmsg;
>
> const char dbname[] = "ah.db";
>
> sqlite3 *db = NULL;
>
>
>
> rc = sqlite3_open(dbname, &db);
> if(SQLITE_OK != rc) {
> fprintf(stderr, "Can't open database %s (%i): %s\n", dbname, rc,
> sqlite3_errmsg(db));
> sqlite3_close(db);
> exit(1);
> }
>
>
> const char insert_sql[] = "INSERT INTO eventlog (eventtype, counter)
> VALUES (?,?)";
> sqlite3_stmt *insert_stmt = NULL;
>
>
>
> rc = sqlite3_prepare_v2(db, insert_sql, -1, &insert_stmt, NULL);
> if(SQLITE_OK != rc) {
> fprintf(stderr, "Can't prepare insert statment %s (%i): %s\n",
> insert_sql, rc, sqlite3_errmsg(db));
> sqlite3_close(db);
> exit(1);
> }
>
>
>
> char injectionattack[] = "contering";
> // The NULL is "Don't attempt to free() the value when it's bound", since
> it's on the stack here
> //rc = sqlite3_bind_text(insert_stmt, 1, injectionattack,
> sizeof(injectionattack), NULL);
> rc = sqlite3_bind_text(insert_stmt, 1, eventtype, sizeof(eventtype),
> NULL);
>
>
> if(SQLITE_OK != rc) {
> fprintf(stderr, "Error binding value in insert (%i): %s\n", rc,
> sqlite3_errmsg(db));
> sqlite3_close(db);
> exit(1);
> } else {
> printf("Successfully bound string for insert: '%s'\n", eventtype);
> }
>
>
> //double realvalue = 3.14159;
> //int realvalue = 3;
>
> //rc = sqlite3_bind_double(insert_stmt, 2, realvalue);
> rc = sqlite3_bind_int(insert_stmt, 2, zaehler);
>
> if(SQLITE_OK != rc) {
> fprintf(stderr, "Error binding value in insert (%i): %s\n", rc,
> sqlite3_errmsg(db));
> sqlite3_close(db);
> exit(1);
> } else {
> printf("Successfully bound real for insert: %d\n", zaehler);
> }
>
>
> rc = sqlite3_step(insert_stmt);
> if(SQLITE_DONE != rc) {
> fprintf(stderr, "insert statement didn't return DONE (%i): %s\n", rc,
> sqlite3_errmsg(db));
> } else {
> printf("INSERT completed\n\n");
> }
>
> sqlite3_finalize(insert_stmt);
>
> sqlite3_close(db);
>
> };
>
>
> int main() {
>
> char intype[]="chattinges";
>
> cout << endl;
>
> // Create an in-memory database
> //const char dbname[] = ":memory:";
> const char dbname[] = "ah.db";
>
> // Actual database handle
> sqlite3 *db = NULL;
>
> // Database commands
> const char create_sql[] = "CREATE TABLE eventlog ("
> "id INTEGER PRIMARY KEY,"
> "eventdate datetime default current_timestamp"
> "eventtype TEXT,"
> "counter INTEGER"
> ")";
>
> // SQLite return value
> int rc;
>
> // Open the database
> rc = sqlite3_open(dbname, &db);
> if(SQLITE_OK != rc) {
> fprintf(stderr, "Can't open database %s (%i): %s\n", dbname, rc,
> sqlite3_errmsg(db));
> sqlite3_close(db);
> exit(1);
> }
>
>
> // SQLite exec returns errors with this
> char *exec_errmsg;
>
> // Use exec to run simple statements that can only fail/succeed
> rc = sqlite3_exec(db, create_sql, NULL, NULL, &exec_errmsg);
> if(SQLITE_OK != rc) {
> fprintf(stderr, "Error creating table (%i): %s\n", rc, exec_errmsg);
> sqlite3_free(exec_errmsg);
> sqlite3_close(db);
> //exit(1);
> }
>
>
> sqlite3_close(db);
>
> insert_in_db(intype, 7);
>
> exit(0);
>
>
> sqlite3_close(db);
> return 0;
> }
>
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
