The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.
|
 |
|
Dev Shed Forums
> Programming Languages
> C Programming
|
Libpq and PGconn struct
Discuss Libpq and PGconn struct in the C Programming forum on Dev Shed.
Libpq and PGconn struct C programming forum discussing all C derivatives, including C#, C++, Object-C, and even plain old vanilla C. These languages are low level languages, and used on projects such as device drivers, compilers, and even whole computer operating systems.
|
|
 |
|
|
|
|
Dev Shed Forums Sponsor:
|
|
|
April 30th, 2009, 12:24 PM
|
|
Registered User
|
|
Join Date: Apr 2009
Posts: 3
Time spent in forums: 1 h 20 m 27 sec
Reputation Power: 0
|
|
|
Libpq and PGconn struct
Hi guys
I am using libpq for connecting to PostgreSQL Database.
But I cant find the description of this PGconn struct anywhere. Also in Postgres's documentation, there is nothing said about it.
Best wishes
|
April 30th, 2009, 12:34 PM
|
|
Registered User
|
|
Join Date: Apr 2008
Posts: 34
Time spent in forums: 11 h 2 m 5 sec
Reputation Power: 0
|
|
PGconn is defined by a typedef; search the header files for the
structure it's defined to be.
Here it is....
libpq-fe.h has typedefed pg_conn as PGConn
Code:
typedef struct pg_conn PGconn;
Check the below link for definition of struct pg_conn
http://doxygen.postgresql.org/libpq-int_8h-source.html
|
May 5th, 2009, 01:48 AM
|
|
Registered User
|
|
Join Date: Apr 2009
Posts: 3
Time spent in forums: 1 h 20 m 27 sec
Reputation Power: 0
|
|
|
hi guys
What I am trying to do is to make some queries to postgresql database using libpq, PQexec funcion.
generally there is no problem if I am using standard SQL query.
char* query="INSERT INTO students(id,name, age) values(2,'Chris', 23)";
PQexec(query);
But I need to make some values in this query such as name and age to be variables. Program should ask about name and age first and then prepare a statement and send it.
Suppose if I write this:
char *query="INSERT INTO student(id,name,age) values(2,";
char *name="Chris";
char *end="')";
Is there any function which allows me to concatenate those two or more strings in one string and then make a query to database? Is there any function which converts integer to string?
Best wishes
|
May 7th, 2009, 11:56 AM
|
|
Registered User
|
|
Join Date: Apr 2008
Posts: 34
Time spent in forums: 11 h 2 m 5 sec
Reputation Power: 0
|
|
Try this code
Code:
#define MAX_QUERY_LEN 3000
char *query;
char *name="Chris";
int age = 25;
char *end="')";
query = (char*)malloc(MAX_QUERY_LEN * sizeof(char));
sprintf(query,"INSERT INTO student(id,name,age) values(2,'%s',%d )", name, age);
Character field should be within single quotes.
|
May 7th, 2009, 12:15 PM
|
 |
Banned ;)
|
|
Join Date: Nov 2001
Location: Woodland Hills, Los Angeles County, California, USA
|
|
|
It is better to use snprintf() instead of sprintf(). That way you can control how much is written to the string and also detect if it would have overflowed the string.
__________________
Up the Irons
What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
"Death Before Dishonour, my Friends!!" - Bruce D ickinson, Iron Maiden Aug 20, 2005 @ OzzFest
Down with Sharon Osbourne
|
May 10th, 2009, 02:07 AM
|
|
Registered User
|
|
Join Date: Apr 2009
Posts: 3
Time spent in forums: 1 h 20 m 27 sec
Reputation Power: 0
|
|
|
hi guys
That's working, but when I try to use scanf("%s",&name) it doesnt work.
char * query;
char * name;
scanf("%s",&name);
sprinf(query, "SELECT * FROM '%s'",name);
I've got a memory protect error.
Thanks in advance
|
May 10th, 2009, 07:40 AM
|
|
Registered User
|
|
Join Date: Apr 2008
Posts: 34
Time spent in forums: 11 h 2 m 5 sec
Reputation Power: 0
|
|
czildren,
query and name variables are pointers and hence they need to allocated enough memory before using them.
Code:
query = (char*)malloc(MAX_QUERY_LEN * sizeof(char));
name = (char*)malloc(MAX_NAME_LEN * sizeof(char));
|
May 11th, 2009, 12:49 AM
|
 |
Commie Mutant Traitor
|
|
Join Date: Jun 2004
Location: Norcross, GA (again)
|
|
I'm concerned here about one last part of this... while all of the examples you gave used constant strings, the question leads me to think that the actual name field would be from user input. Concatenating user data into a SQL query leaves you vulnerable to 'SQL injection', especially if you aren't vetting the data in some way first.
While SQL injection attacks are mostly associated with web-based queries, they can occur any time you paste data from input directly into a query. I recommend using PQexecParams() rather than PQexec(), as it ensures that data entered are passed to the DBMS in such a way that it cannot spoof the query. Better still would be to use PQprepare()
Code:
PGresult* result = NULL;
/* .. */
result = PQprepare(dbconn, "AddStudent", "INSERT INTO students(id,name, age) values($1, $2, $3)", 3, NULL);
if ( /* ...results are valid... */ )
{
/* ... prepare the array of parameter values... */
PQexecPrepared(dbconn, "AddStudent", 3, params, plens, pformats, rformat);
}
This is only a general outline; you'd have to work out how you would need to use it. If nothing else, you can avoid most of the business of string concatenation.
Last edited by Schol-R-LEA : June 7th, 2009 at 12:26 PM.
|
Developer Shed Advertisers and Affiliates
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
Rate This Thread |
 Linear Mode
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
