-
March 18th, 2010, 07:51 AM
#16
Re: converting stringc to char* ?
Personally, I'd use sprintf() or, if using VC, CString::Format() to build the sql request, but I prefer C-style coding over std containers for the most part (that's the way I learned):
Code:
int itemnumber=101;
char sqlbuf[100]; //make it big enough to hold your entire statement
sprintf(sqlbuf,"SELECT * FROM USERTABLE WHERE itemnumber='%d' AND loginpw='%s' ORDER BY loginid",itemnumber,"MyPassword");
if(!db.Execute(sqlbuf,tbl)){
//...
}
-
March 18th, 2010, 09:09 AM
#17
Re: converting stringc to char* ?
You should use one or the other approach. Mixing them up just tends to cause confusion. Right now, you're using a combination of strcpy() and std::string fairly intermingled, which I'd consider bad form. Also, don't over-use the c_str() method; it isn't needed for cout or for std::string concatenation, or for pretty much anything else except functions requiring a const char* explicitly.
-
March 18th, 2010, 09:43 AM
#18
Re: converting stringc to char* ?
 Originally Posted by digoxy
Hello Paul, I did drop this in just to see what it would do, I have since tokenized the login id and pw. Here is the way I did this as a char[200].
Do you have a check if you have exceeded 200 characters? If you don't then this is deemed a vulnerability in your program, as buffer overflow can occur.
That's why std::string is safer.
If you see anything here that might be of use to change it up a bit, I don't mind playing with it. I have it in the script just commented now so I can ding around with it!
Just fix the compiler errors. If all the problem is just quotes, it takes a few seconds to fix them.
As to char*, the following should be safer:
Code:
#include <string>
#include <vector>
//...
std::string str = "select * from usertable where loginid='";
str += logidin + "' and loginpw ='" + logidin + "' order by loginid";
std::vector<char> tempV(str.begin(), str.end());
tempV.push_back(0);
if(!db.Execute(&tempV[0], tbl))
{ }
Regards,
Paul McKenzie
Last edited by Paul McKenzie; March 18th, 2010 at 12:17 PM.
Reason: Added push_back(0) to null-terminate the string
-
March 18th, 2010, 11:34 AM
#19
Re: converting stringc to char* ?
^I'm not sure that doing that would properly null-terminate the string. You may need to push_back a 0 at the end. Actually, it would be good to know either way for certain.
-
March 18th, 2010, 12:16 PM
#20
Re: converting stringc to char* ?
 Originally Posted by Lindley
^I'm not sure that doing that would properly null-terminate the string. You may need to push_back a 0 at the end. Actually, it would be good to know either way for certain.
Yes, it wouldn't hurt to push_back a 0 onto that.
Regards,
Paul McKenzie
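The length check asked about in post #18 and the null-terminated vector copy settled in posts #19 and #20, as an added example that is not part of the original thread. build_query_fixed and to_c_buffer are hypothetical helpers, and the login values are constructed sample input.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical helper: format the thread's query into a fixed buffer such as
// char[200]. snprintf writes at most cap bytes and returns the length the full
// text needed, so a result >= cap means the statement did not fit.
// This covers length handling only; it does not make a concatenated query
// safe against hostile input values.
bool build_query_fixed(char *out, std::size_t cap,
                       const std::string &id, const std::string &pw) {
    if (cap == 0) return false;
    int n = std::snprintf(out, cap,
        "select * from usertable where loginid='%s' and loginpw='%s' order by loginid",
        id.c_str(), pw.c_str());
    if (n < 0 || static_cast<std::size_t>(n) >= cap) {
        out[0] = '\0';   // never hand a truncated statement to the database
        return false;
    }
    return true;
}

// Hypothetical helper: copy a std::string into a writable buffer for an API
// that takes char*. The iterator range [begin, end) does not include a
// terminator, so one has to be appended explicitly.
std::vector<char> to_c_buffer(const std::string &s) {
    std::vector<char> v(s.begin(), s.end());
    v.push_back('\0');
    return v;
}

int main() {
    char sqlbuf[200];
    std::string longpw(300, 'x');   // constructed over-long input
    std::printf("short fits: %d\n",
                build_query_fixed(sqlbuf, sizeof sqlbuf, "alice", "pw"));
    std::printf("long fits:  %d\n",
                build_query_fixed(sqlbuf, sizeof sqlbuf, "alice", longpw));
    std::vector<char> v = to_c_buffer("select 1");
    std::printf("buffer: %s (%zu bytes)\n", &v[0], v.size());
    return 0;
}
```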