Calling MySQL stored procedure in c, passing variable argument - mysql

I made a database in MySQL and I created some Stored Procedures. Now I need to launch these SP using a C program.
I've already connected my db to c successfully, using:
char u[255];
char p[255];
int main (int argc, char *argv[])
{
scanf("%s",u);
scanf("%s",p);
conn = mysql_init (NULL);
login = mysql_real_connect(conn, "localhost",u,p, "ASL", 3306, NULL, 0);
}
I'm able to calling a SP without any parameter. For example my SP mostra_pazienti()shows all the rows contained in the MySQL table 'paziente', and I made in this way:
query = "call mostra_pazienti()";
mysql_query (conn,query);
MYSQL_RES *result = mysql_store_result(conn);
int num_fields = mysql_num_fields(result);
while ((row = mysql_fetch_row(result)))
{
for(int i = 0; i < num_fields; i++)
{
printf(" %s ", row[i] ? row[i] : "NULL");
}
printf ("\n");
}
}
But basically now I need to run a procedure which takes some parameters as input.
For example MySQL procedure esame_aggiungi(IN code CHAR(5),IN name VARCHAR(30),IN cost FLOAT) insert a new row in the table exam.
So, in C, how can I take the parameters code, name, and cost using scanf(), and how can I use them to execute my Stored procedure?

If you're asking "how do I build the CALL MYPROC(ARG1, ARG2...) string within my C program", you can use the function snprintf for that, which writes formatted data to a string of known length.
char query[1000];
snprintf(query, 1000, "CALL MYPROCEDURE(\"%s\", \"%s\", %f);", code, name, cost);
mysql_query(conn, query);
Note that bounds checking for the constraints in the MySQL table (i.e. the field code is of type CHAR (5) and name is of type VARCHAR (30)) must be taken care of as well. A column with type CHAR(N) rather than VARCHAR will contain exactly N characters.

Related

How to access the first element in a pointer to an array using the C mysql API

I am trying to implement part of the mysql C API to retrieve one known field which will be a TINYINT value (boolean, either 1 or 0)
The mysql C API offers a type which is a pointer to an array MYSQL_ROW row; where the elements of the array are accessed via row[i] where i is the index. The elements are returned as strings whatever the data type in the database.
The field I am trying to access is obviously boolean and will be either 1 or 0 if the query finds the field. I want to do a logic check as to the value of this field but am struggling with types. I tried casting row[i] to an int but no good, I seem to get the pointer returned. I know that C doesn't have a native bool type but can be implemented. Any ideas there would be welcome.. here's my code, many thanks in advance - Paul
void process_result_set (MYSQL *conn, MYSQL_RES *res_set) {
MYSQL_ROW row;
unsigned int i;
unsigned int logonstatus;
while ((row = mysql_fetch_row (res_set)) != NULL)
{
for (i = 0; i < mysql_num_fields (res_set); i++)
{
logonstatus = (int)(row[i]); // gives an int return but appears to return a memory location i.e. a pointer
printf("The value of logon status is: %d\n", logonstatus);
printf("\nThe value of the logon field is:%s\n", row[i]);
}
}
if (mysql_errno (conn) != 0)
print_error (conn, "mysql_fetch_row() failed");
else
printf ("%lu rows returned\n",(unsigned long) mysql_num_rows (res_set));
}

Incompatible pointer type with mysql_store_result

I am new to C but I am currently working on a project where I have a compiler warning but I can't see what the problem is, or how I am able to fix it.
I am performing a mysql query and then storing the result but when I try I fetch the row to store in the MYSQL_ROW I get the following compilation warning
warning: assignment from incompatible pointer type
Below is how I am running the query and storing the result
int processDrilldownData(char **reportParameterArray, FILE *csvFile, char *sql, MYSQL *HandleDB, MYSQL_RES *resultReport, MYSQL_ROW rowReport, int UserLevel, int ParentUserLevel, char *CustomerDisplayName, Restrictions *reportRestrictions, int totalLookupNumberCount, numberLookupStruct *numberLookup, int maximumLookupChars, char * statsOutputTable, int targetNumber, FILE * sqlDebugFile)
{
MYSQL_RES * audioResult = NULL;
MYSQL_ROW * audioRow = NULL;
sqlLen = asprintf(&sql, "SELECT Tmp.SwitchID, Tmp.CorrelationID, SUM(IF(Direction=2,1,0)) as SSPAudio, "
"SUM(IF(Direction=1,Duration/100,0)) as SSPAudioDur FROM %s AS Tmp GROUP BY Tmp.SwitchID, "
"Tmp.CorrelationID ORDER BY Tmp.SwitchID, Tmp.CorrelationID, Direction, SeizeUTC, SeizeCSec",
statsOutputTable);
if ((mysql_real_query(HandleDB, sql, sqlLen))) return 1;
audioResult = mysql_store_result(HandleDB);
audioRow = mysql_fetch_row(audioResult);
}
Thanks for any help you can provide
The error message is from mysql_fetch_row() and not mysql_store_result(). mysql_fetch_row returns MYSQL_ROW, note the missing *.
So the declaration must look like
MYSQL_ROW audioRow;

recently switch from sqlite to mysql. need to convert some code in c

I'm writing C program to access database.
I recently switch from sqlite to mysql.
I'm not familiar with mysql c api, so I need help converting some code.
Below example is executing sql statement with parameter.
sqlite:
char *zSQL = sqlite3_mprintf("SELECT price FROM warehouse WHERE p_ID='%q'", input_value);
sqlite3_prepare_v2(handle,zSQL,-1,&stmt,0);
my attempt in mysql:
char zSQL[60] = {'\0'};
int n = 0;
n = sprintf(zSQL, "SELECT price FROM warehouse WHERE p_ID='%s'", input_value);
mysql_real_query(conn, zSQL, n);
Another example is parsing result of sql statement to variable
sqlite:
double price_value = 0;
if (sqlite3_step (stmt) == SQLITE_ROW) {
price_value = sqlite3_column_double (stmt, 0);
}
mysql:
MYSQL_ROW row;
while ((row = mysql_fetch_row(result)))
{
price_value = atof(row[0]);
}
While the code in mysql works for me, but I feel like I'm not utilizing the API enough.
Is there any function in mysql c api which has the same functionality as sqlite3_mprintf() and sqlite3_column_double() ?
Edit:
My attempt on mysql_real_escape_string():
ulong in_length = strlen(input_value);
char input_esc[(2 * in_length)+1];
mysql_real_escape_string(conn, input_esc, input_value, in_length);
char sql_stmnt[56] = {'\0'};
n = sprintf(zSQL, "SELECT price FROM warehouse WHERE p_ID='%s'", input_esc);
mysql_real_query(conn, sql_stmnt, n);
For your first exampe, the short answer is no, you have to do it yourself, see http://dev.mysql.com/doc/refman/5.5/en/mysql-real-escape-string.html
unsigned long mysql_real_escape_string(MYSQL *mysql, char *to, const char *from, unsigned long length)
The second one, yes, that's the way to go, with some additional check that row[0] is indeed of type double.
Alternatively, you can use the prepared statement API which works quite similar to the one in sqlite3. The key is you provide buffers of type MYSQL_BIND and then either bind the inputs to it, or have mysql binding output values there.
Prepared statement documentation: http://dev.mysql.com/doc/refman/5.5/en/c-api-prepared-statement-data-structures.html

How to pass variable in mysql_query

I try to execute mysql query passing variable. Here is my code
char str[100] = "My String";
mysql_query(conn, printf("INSERT INTO table VALUES %s"), str);
I get that warning during compile process
warning: passing argument 2 of ‘mysql_query’ makes pointer from integer without a cast
What I miss ?
Extending #ckruse's answer, you should take care to use mysql_real_escape_string() if your string comes from arbitrary sources.
int insert_data(MYSQL * mysql, char * str, int len)
{
if (len < 0) {
len = strlen(str);
}
char esc[2*len+1];
unsigned long esclen = mysql_real_escape_string(mysql, esc, str, len);
char statement[512];
snprintf(statement, sizeof statement, "INSERT INTO table VALUES ('%s')", esc);
return mysql_query(mysql, statement);
}
(An alternative could be mysql_hex_string() if dealt with correctly.)
You cannot do that. printf() returns the number of characters printed. You have to create the string before calling mysql_query():
char statement[512], *my_str = "MyString";
snprintf(statement, 512, "INSERT INTO table VALUES ('%s')", str);
mysql_query(conn, statement);
Also, be careful when creating those query strings. Don't use functions like sprintf() if you cannot be sure how long the resulting string is. Don't write over the boundaries of the memory segment.
you should put "'' in front and after the string
like this
mysql_query(conn, printf("INSERT INTO table VALUES ('%s')"), str);

Insert client input into MySQL database with C

How do I write a C program which gets the client input for MySQL server? I'm using Fedora as my OS.
Here is my code:
#include<my_global.h>
#include<mysql.h>
main()
{
char name[25];
MYSQL *conn;
conn=mysql_init(NULL);
mysql_real_connect(conn,"localhost","root","","testdb",0,NULL,0);
printf("Enter your name:");
scanf("%s",name);
mysql_query(conn,"CREATE TABLE Users(name VARCHAR(25))");
mysql_query(conn,"INSERT INTO Users VALUES(name)");
//mysql_query(conn,"INSERT INTO Users VALUES('Farhan')");
//mysql_query(conn,"INSERT INTO Users VALUES('Dileep')");
//mysql_query(conn,"INSERT INTO Users VALUES('RAJIV')");
mysql_close(conn);
}
I want the client input to be stored in MySQL database and not the constant values.
Try sprintf'ing the name into your query, something like this:
int len = query_len + name_len + 1;
char * insert_query = (char *) malloc(len);
snprintf(insert_query, len, "INSERT INTO Users VALUES('%s')", name);
However, you'll need to take some care when checking the buffer lengths and especially escaping the name string.