Saturday, 24 August 2013

Using sprintf with mysql_query

I'm using a mysql snippet that connects to my mysql database (locally) in
ANSI C. Everything is working perfectly, but I've been trying to create a
function that connects to my database and inserts a new record based on
some variables. I'm using sprintf to snag those variables and piece them
together to form my SQL query.

Problem

Once I have my variables and my SQL ready, I send it over to mysql_query.
Unfortunately, this does not work as expected: the program crashes and
reports a buffer overflow.

Here are pieces of the overall function that may help explain the problem.

    #include <mysql.h>
    #include <string.h>
    #include <stdio.h>

    char *table = "test_table"; // table is called test_table
    char *column = "value"; // column is called value
    char *value = "working"; // what value we are inserting
    char *query; // what we are sending to mysql_query

    sprintf(query, "INSERT INTO %s (%s) VALUES ('%s')", table, column, value);
    if (mysql_query(conn, query)) {
        fprintf(stderr, "%s\n", mysql_error(conn));
        return;
    }

Purpose

The purpose of the overall function is so I don't have to keep rewriting
SQL insert or update statements in my program. I want to call to one
function and pass a few parameters that identify the table, columns and
the values of said columns.
Any help would be most appreciated. I'm a bit rusty in C these days.
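
An added example, not part of the original post: in the snippet above, sprintf writes through query, which is never pointed at any storage. The sketch below sizes the buffer with snprintf, allow-lists the table and column names, and leaves the value as a ? placeholder to be bound through the prepared-statement API instead of being pasted into the SQL text. build_insert, valid_identifier and INSERT_FMT are hypothetical names, and the block leaves out mysql.h so that it compiles on its own.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INSERT_FMT "INSERT INTO `%s` (`%s`) VALUES (?)"

/* Identifiers cannot be bound as parameters, so accept only [A-Za-z0-9_],
 * at most 64 characters (MySQL's identifier length limit). */
static int valid_identifier(const char *s)
{
    if (s == NULL || *s == '\0' || strlen(s) > 64)
        return 0;
    for (; *s != '\0'; s++)
        if (!isalnum((unsigned char)*s) && *s != '_')
            return 0;
    return 1;
}

/* Hypothetical helper: returns a malloc'd INSERT statement with one ?
 * placeholder, or NULL on a rejected name or failed allocation.
 * The caller frees the result. */
char *build_insert(const char *table, const char *column)
{
    int need;
    char *query;

    if (!valid_identifier(table) || !valid_identifier(column))
        return NULL;
    /* A NULL buffer with size 0 only measures the formatted length. */
    need = snprintf(NULL, 0, INSERT_FMT, table, column);
    if (need < 0)
        return NULL;
    query = malloc((size_t)need + 1);   /* +1 for the terminating NUL */
    if (query == NULL)
        return NULL;
    snprintf(query, (size_t)need + 1, INSERT_FMT, table, column);
    return query;
}

int main(void)
{
    char *q = build_insert("test_table", "value");
    if (q == NULL)
        return 1;
    puts(q);   /* hand to mysql_stmt_prepare(), then bind "working" */
    free(q);
    return 0;
}
```

With a live connection, the returned string goes to mysql_stmt_prepare() and the value is attached with mysql_stmt_bind_param() before mysql_stmt_execute().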
