Strcpy Null Value Obtained From MySQL in C - mysql

I am using Connector C to connect to my MySQL database. A modification that I have made to the database recently now allows the data in my url field to be NULL. Connector C does not appear to have any problems reading the NULL value, but when I try and pass the value to my array structure using strcpy, the program crashes. Here is a simplified version of my code:
mysql_real_connect(conn, server,user,password,database, port, NULL, 0);
mysql_query(conn, "SELECT * FROM main WHERE propType IN ('Single Family', 'Condominium')");
res = mysql_use_result(conn);
while (((row = mysql_fetch_row(res)) != NULL) && (row[0] != NULL)) {
props[count].uniqueID = atol(row[0]);
strcpy(props[count].address, row[1]);
.
.
.
strcpy(props[count].url, row[55]);
count++;
}
By tracing out output of the rows, I have determined that it is this line of code that is failing, and it is ONLY failing when row[55] is (null):
strcpy(props[count].url, row[55]);
I am fairly new to C, and I assume that the problem lies in trying to use strcpy with a null string.
Any suggestions?

As is suggested above in the comment the problem is that row[55] has the value NULL and so strcpy() will crash. Maybe you want to try the following:
if (row[55] != NULL)
strcpy(props[count].url, row[55]);
else
props[count].url[0] = '\0';
Here is another example code which use a bit to store if the database contains NULL or a empty value:
if (row[55] != NULL)
{
strcpy(props[count].url, row[55]);
props[count].urlEmpty = false;
}
else
{
props[count].url = '\0'; // Maybe you can skip this
props[count].urlEmpty = true;
}
In this case you need to expand your structure.

Related

Problem with handling the result of SELECT query in MYSQL C API

I'm getting a Internal Server Error with one of my scripts. I'm using MYSQL C API. https://dev.mysql.com/doc/refman/5.6/en/c-api.html
Here is the corresponding part of my script:
MYSQL *con;
MYSQL_RES *result;
MYSQL_ROW robe;
con = mysql_init(NULL);
if (!mysql_real_connect(valid values)) {
printf("Content-type: text/html\n\n");
printf("Could not connect\n");
exit(0); }
char somequery[512];
//userinput is sanitized beforehand
int sog = sprintf(somequery, "SELECT password from testtab WHERE username='%s'", userinput);
if (sog < 0) {
printf("Content-type: text/html\n\n");
printf("Something went wrong with Sprintf\n");
exit(0); }
int bos = mysql_real_query(con, somequery, strlen(somequery));
if (bos != 0) {
printf("Content-type: text/html\n\n");
printf("The query produced no result\n");
exit(0); }
result = mysql_store_result(con);
if (result == NULL) {
printf("Content-type: text/html\n\n");
printf("No Result Set Produced\n");
exit(0); }
robe = mysql_fetch_row(result);
char *passdb = robe[0];
printf("Content-type: text/html\n\n");
printf("And it is: %s", passdb);
A HTML form submits via POST to this script (part of which is seen above). When I submit a username which exists in the database beforehand, I'm receiving no error. Everything works fine.
The problem arises, when I'm submitting a username that doesn't exist in the said table(testtab). Well, I'm getting 500 Internal Server Error. I have looked at Apache Error log as well: "End of Script output before Headers".
I have tried a few things so far, but none of them worked. Any help is appreciated.
Note: Doing mysql_num_fields(result); in both cases gives 1.
First, you should NEVER store passwords in a database, especially one that is reachable through an online service. exit(0) indicates success. It's also short-circuiting your output before it is completed. You can't just call exit(0) in the middle of producing output. Use some kind of "data not available" string instead.
I have found the solution elsewhere, thanks to the help of some good people. It seems, that I had made a silly mistake as well as needed a thorough understanding of the difference between two MYSQL C API functions.
I'm writing the answer here, in hope of it benefiting others.
The mistakes is here:
robe = mysql_fetch_row(result);
Though it is correct in itself. I fail to check its result. What happens is that when the SQL query is performed using a username that did not exist in the DB beforehand, the result is a empty set (and not a error).
The mysql_store_result and mysql_fetch_row have a slight difference here. While the former will not return NULL if the set is empty, the later will.
All I have to do is add a check after the above line with the logic:
if (robe == NULL) {
//error occured
} else { //go on
}

MySQL Connector C/C API - Query with special characters

I a C program I have a function that takes in parameter a domain name:
void db_domains_query(char *name);
With mysql_query() I test if the domain name is existing in a database. If it's not the case, I insert the new domain name:
...
char *query[400];
sprintf(query, "SELECT Id, DomainName FROM domains WHERE domainName LIKE '%s'", name);
if (mysql_query(con, query))
finish_with_error(con);
MYSQL_RES *result = mysql_store_result(con);
if (result == NULL)
finish_with_error(con);
MYSQL_ROW row;
if ((row = mysql_fetch_row(result)))
printf("Element exists : %s %s\n", row[0], row[1]);
else
printf("Element %s doesn't found\n", name);
// Then insert the new domain name ...
This portion of code works perfectly if name contains only "normal characters". However, for domain names that contain "special characters" the query seems incorrect even if those are in the database for instance :
name = undaben.de : Element exists : 100 undaben.de
name = ®here.com : Element ®here.com is not found.
name = §travel.us : Element §travel.us is not found.
Extract of the table :
+-----+--------------+
| id | domainname |
+-----+--------------+
| 100 | undaben.de |
| 162 | §travel.us |
| 197 | ®here.com |
+-----+--------------+
The collation of the field domainname is utf8_unicode_ci.
So how can I pass to mysql_query all domain names including the "special" ones ?
I recommend you to avoid the C API unless you have a compelling reason to use it. The C++ API es way more usable.
You are embedding your arguments within your query string. This has a number of problems, including security risks. If you insist in this approach, in order to prevent problems with parameters messing with your query, you need to ensure a few things:
Make sure that your data encoding matches the encoding of the MySQL Client connection (this may be different from your database encoding). If your connection is set up as UTF-8, then you need to make sure that special characters such as © are encoded also in UTF-8 when used as input to the sprintf function.
You also need to protect from other SQL escape characters (like '). For this you can use the mysql_real_escape_string function, as mentioned in Efficiently escaping quotes in C before passing to mysql_query.
However, you should very likely be using prepared statements which circumvent these issues. You still need to make sure that your input data encoding matches the encoding of your client connection, but everything else shall be easier to handle.
I paste an example of a parameterized query using the C API with prepared statements looks like (example from http://lgallardo.com/2011/06/23/sentencias-preparadas-de-mysql-en-c-ejemplo-completo/). Note the example is for integers, not strings, you need to adapt to your use case.
sql = "select count(*) from addresses where id = ?";
// Open Database
openDB(&conn);
// Allocate statement handler
stmt = mysql_stmt_init(conn);
if (stmt == NULL) {
print_error(conn, "Could not initialize statement handler");
return;
}
// Prepare the statement
if (mysql_stmt_prepare(stmt, sql, strlen(sql)) != 0) {
print_stmt_error(stmt, "Could not prepare statement");
return;
}
// Initialize the result column structures
memset (param, 0, sizeof (param)); /* zero the structures */
memset (result, 0, sizeof (result)); /* zero the structures */
// Init param structure
// Select
param[0].buffer_type = MYSQL_TYPE_LONG;
param[0].buffer = (void *) &myId;
param[0].is_unsigned = 0;
param[0].is_null = 0;
param[0].length = 0;
// Result
result[0].buffer_type = MYSQL_TYPE_LONG;
result[0].buffer = (void *) &myNumAddresses;
result[0].is_unsigned = 0;
result[0].is_null = &is_null[0];
result[0].length = 0;
// Bind param structure to statement
if (mysql_stmt_bind_param(stmt, param) != 0) {
print_stmt_error(stmt, "Could not bind parameters");
return;
}
// Bind result
if (mysql_stmt_bind_result(stmt, result) != 0) {
print_stmt_error(stmt, "Could not bind results");
return;
}
// Set bind parameters
myId = id;
// Execute!!
if (mysql_stmt_execute(stmt) != 0) {
print_stmt_error(stmt, "Could not execute statement");
return;
}
if (mysql_stmt_store_result(stmt) != 0) {
print_stmt_error(stmt, "Could not buffer result set");
return;
}
// Init data
(*numAddresses) = 0;
// Fetch
if(mysql_stmt_fetch (stmt) == 0){
(*numAddresses) = myNumAddresses;
}
// Deallocate result set
mysql_stmt_free_result(stmt); /* deallocate result set */
// Close the statement
mysql_stmt_close(stmt);
// Close Database
closeDB(conn);
Again, if you can use some other client library (like the C++ client) your code will be way shorter and readable.
My bad, as #jjmontes mentioned it seems that the sent string was encoded in 'latin1'.
Using the function mysql_set_character_set(conn, "utf8") before doing the query solved this problem.
Now, I will try to use prepared statements instead of query strings.
thanks again!

Named query with optional parameter not working in mysql

I have a named query below for optional parameter which is flightNumber, departureAirport and arrivalAirport. But this query is not working when I don't give any value for these parameter.
#Query("from CapacityMonitor
where carrierCode = :carrierCode and
(:flightNumber IS NULL OR flightNumber = :flightNumber) and
(:departureAirport IS NULL OR departureAirport = :departureAirport) and
(:arrivalAirport IS NULL OR arrivalAirport = :arrivalAirport)
I can change a query but i have to use with #Query annotation only
So you want to keep your query the way it is and make it work with or without parameters. Well, you can't do that. If the query is expecting parameters, then you have to set them.
The best approach would be to leave the query the same way it is and set the parameters to NULL so that :param IS NULL returns TRUE in those cases and return all results. That way you will fake a match.
Anyway, the parameter has to be set always.
I would suggest using a Criteria Query to build a statement with custom WHERE clause.
Based on your example, it could look like this (depending on your data types):
public List<CapacityMonitor> getFlights(String carrierCode, String flightNumber, String departureAirport, String arrivalAirport) {
CriteriaBuilder builder = em.getCriteriaBuilder();
CriteriaQuery<CapacityMonitor> query = builder.createQuery(CapacityMonitor.class);
Root<CapacityMonitor> root = query.from(CapacityMonitor.class);
query.select(root);
// Carrier code is mandatory
query.where(builder.equals(root.get("carrierCode"), carrierCode));
// Other properties are optional
if (null != flightNumber && flightNumber.length() > 0) {
query.where(builder.equals(root.get("flightNumber"), flightNumber));
}
// Use LIKE expression to match partially
if (null != departureAirport && departureAirport.length() > 0) {
query.where(builder.like(root.get("departureAirport"), "%" + departureAirport + "%"));
}
if (null != arrivalAirport && arrivalAirport.length() > 0) {
query.where(builder.like(root.get("arrivalAirport"), "%" + arrivalAirport + "%"));
}
return em.createQuery(query).getResultList();
}

linq mysql : select multiple column and send the to view

I have selected multiple columns from my table, but I don't know how to pass it to my view.
var result = (from f in db.firmware
where f.firmware_release_type_text != ""
|| f.firmware_release_type_text != null
|| f.firmware_release_number_int != 0
select new{
f.firmware_release_type_text,
f.firmware_release_number_int
}).Distinct();
The result is f__anonymous2. I want to some how use it in my view. all the forums have just answered how to choose multiple columns, but nobody mentions how to pass them. I think I'm missing something obvious.
I want to be able to use this fields, or even merge them as one string.
I have tried Cast and so many other options which did not work.
When I try to force casting it sting, I get :
Unable to cast the type 'Anonymous type' to type 'System.String'
Thanks
UPDATE:
At the end I went with:
var result = (from f in db.firmware
where (f.firmware_release_type_text != "")
&& (f.firmware_release_type_text != null)
&& (f.firmware_release_number_int != 0)
select new{
f.firmware_release_type_text,
f.firmware_release_number_int
}
).Distinct();
List<string> result2 = new List<string>();
foreach (var item in result)
{
result2.Add(item.firmware_release_type_text
+ "-" + item.firmware_release_number_int);
}
If you want to return your data as a string you have to say how it should be formatted. You could for example change this:
select new
{
f.firmware_release_type_text , f.firmware_release_number_int
}
To this:
select f.firmware_release_type_text + " v" + (int)f.firmware_release_number_int
You have two options to create a model first, second format the data on the server side.

Insert using linq templates not returning the id - MySQL

I'm using the latest subsonic dll and the latest linq templates from github. The db i'm inserting into is MySQL. Id column on table is primary key auto increment.
Versions:
Subsonic.Core.dll - 3.0.0.3 - (November 18, 2009 Merged pulls from Github).
LinqTemplates - July 29, 2009.
MySQL.Data.CF.dll - 6.1.2.0.
The row is inserted but the id is returned as 0.
Example of the insert:
mysqldb db = new mysqldb.mysqldbDB();
int ID = db.Insert.Into<db.myTable>(
r => r.message,
r => r.name,
r => r.status).Values(
message,
name,
status).Execute();
Am I doing something wrong? Shouldn't the new id be returned, not zero?
Found the bug in subsonic core.
It's in Subsonic.Core.Query.Insert.cs
The Execute method does not have a condition for id's returned that are of type long.
I've rewritten the method in my local version to:
public int Execute()
{
int returner = 0;
object result = _provider.ExecuteScalar(GetCommand());
if(result != null)
{
if(result.GetType() == typeof(decimal))
returner = Convert.ToInt32(result);
else if (result.GetType() == typeof(int))
returner = Convert.ToInt32(result);
else if (result.GetType() == typeof(long))
returner = Convert.ToInt32(result);
else
returner = Convert.ToInt32(result);
}
return returner;
}
I've changed the multiple if statements to else if's and added the type comparison of long. Also I've added the final else condition which does a convert to int. Not sure if that's such a good idea but it works for me.
If someone wants to update the source great. If i find time sometime soon i'll update it myself.