I am trying to execute a C program, using mysql C API, connecting to mysql with an update query and I am not getting any compilation or linking errors , but rows are not getting updated in the db table.
When I run this code I am getting empty values updated in emp. status field
#define STRING_SIZE 256
char* eStatus,myeStatus;
int myempid,empid;
int i;
for(i = 0; i < 5 ; i++){
const char* sqlQuery = "update employee_info set estatus = ? where empID = ?";
if (mysql_stmt_prepare(stmt, sqlQuery, strlen(sqlQuery))) {
fprintf(stderr, " mysql_stmt_prepare(), update failed\n");
fprintf(stderr, " %s\n", mysql_stmt_error(stmt));
return -1;
}
memset(param, 0, sizeof(param)); /* zero the structures */
if (info.state == 2)
eStatus = "present";
else
eStatus = "absent";
empid = i;
// Init param structure
// Select
param[0].buffer_type = MYSQL_TYPE_STRING;
param[0].buffer = (void *) &eStatus;
param[0].buffer_length = STRING_SIZE;
param[0].is_null = 0;
param[0].length = &str_length;
param[1].buffer_type = MYSQL_TYPE_SHORT;
param[1].buffer = (void *) &myempID;
param[1].buffer_length = STRING_SIZE;
param[1].is_null = 0;
param[1].length = 0;
myeStatus = eStatus;
myempid = empid;
if (mysql_stmt_bind_param(stmt, param) != 0) {
fprintf(stderr, " mysql_stmt_bind_param() failed\n");
fprintf(stderr, " %s\n", mysql_stmt_error(stmt));
return -1;
}
/* Execute the statement */
if (mysql_stmt_execute(stmt)) {
fprintf(stderr, " mysql_stmt_execute(), failed\n");
fprintf(stderr, " %s\n", mysql_stmt_error(stmt));
return -1;
}
} // end of for loop
Table schema in mysql
empid INT(11)
estatus varchar(10)
I am not able to figure out why status is not getting updated in mysql table. Is it a mismatch of datatypes, or values are not binded properly to sqlquery?
Any clue? Thanks.
You can find here : Writing into mysql database from a single board computer using c a complete example on how to use MYSQL C API to perform queries, if you still have some trouble, please post the whole code.
Why are you trying to use "where empID = ?". If you want it to run for every employee simply omit the where clause. If it is for a specific employee, then his id should be there.
There might be more issues, but this was the first one i found.
You might verify by trying to execute the same query on mysql command line prompt.
Edit: I also don't see any database connection being established and any info related to that. Some thing like
MYSQL *conn = mysql_init(NULL);
*conn = mysql_real_connect(*conn, DB_HOST, DB_USER, DB_PASS, DB_NAME, 0, NULL, flags);
if (*conn != NULL)
{
printf("Connection Successfull\n");
status = 0;
}
Related
I'm trying to set up a prepared statement based on some examples I found on the web. I just want to protect against SQL injections in the name= and description=, but the problem is that when the statement runs it inserts null data
char* my_str = "ABCDF";
char *stmt_str = "INSERT INTO notes (name, description) VALUES(?,?)";
MYSQL_STMT *stmt;
MYSQL_BIND ps_params[2];
my_bool is_null;
int status;
while(curr != NULL) {
stmt = mysql_stmt_init(con);
mysql_stmt_prepare(stmt, stmt_str, strlen(stmt_str));
memset(ps_params, 0, sizeof(ps_params));
/* set up CHAR parameter */
ps_params[0].buffer_type = MYSQL_TYPE_STRING;
//ps_params[0].buffer = (char *)&my_str;
ps_params[0].buffer = &my_str;
ps_params[0].buffer_length=strlen(my_str);
ps_params[0].is_null = 0;
ps_params[0].length = 0;
ps_params[1].buffer_type = MYSQL_TYPE_STRING;
//ps_params[1].buffer = (char *)&my_str;
ps_params[1].buffer = &my_str;
ps_params[1].buffer_length=strlen(my_str);
ps_params[1].is_null = 0;
ps_params[1].length = 0;
mysql_stmt_bind_param (stmt, ps_params);
mysql_stmt_execute(stmt);
Once it executed I see the following data ( It's a bunch of records in my DB ) after executing it many times
my_str is already a pointer to the string, you shouldn't take its address. You're storing the pointer's value rather than the string value.
ps_params[0].buffer = my_str;
I am trying to read column values into my array using mysql queries in C.
for(i=1;i<=15;i++)
{
if (mysql_query(conn, "select numberofskills from latest.skills where id = $i")) {
fprintf(stderr, "%s\n", mysql_error(conn));
exit(1);
}
res = mysql_use_result(conn);
while ((row = mysql_fetch_row(res)) != NULL){
j=0;
arr[j].n =atoi(row[0]);
printf("%d\n", arr[j].n);
j++;
}
I have an error saying "Unknown column '$i' in 'where clause'.
I tried all of these but nothing seems to work.
"select numberofskills from latest.skills where id = $i"
"select numberofskills from latest.skills where id = '$i'"
"select numberofskills from latest.skills where id = i"
$i will not replace the value of i. Instead you should format the string first with value of i replaced in it and then use the string in the mysql query.
In header file or in the beginning of the program, define the below macro:
#define MYSQL_QUERY_LENGTH 100
Inside your function where you are performing query, define the below variable:
char string[MYSQL_QUERY_LENGTH] = {};
Inside the for loop, format the string first:
snprintf(string, MYSQL_QUERY_LENGTH, "select numberofskills from latest.skills where id = %d", i);
Then, use the string in the query as below:
if (mysql_query(conn, string))
First you need to create query string variable with sprintf function where you can properly concatenate your query and variable
here is example
mysql and c -- use variable in query
I am trying to make a function which requests the user to enter a new username and password, which then get stored in a MySQL/MariaDB database. I used strcat_s() and strcpy_s() to concatenate strings together to then get passed as a MySQL/MariaDB query in the C API. However, the result is an Unkown column 'foo' in 'field list' error. How can I fix this error? Below is my code.
void NEW_PLAYER(MYSQL *con)
{
const char *NAME = "foo";
const char *PASSWORD = "bar";
char ch = NULL;
unsigned int i = 0;
printf("%s\n", NAME);
printf("%s\n", PASSWORD);
char TEMP[150];
char str1[] = "INSERT INTO PLAYERS VALUES(";
strcpy_s(TEMP, str1);
strcat_s(TEMP, NAME);
strcat_s(TEMP, ", ");
strcat_s(TEMP, PASSWORD);
strcat_s(TEMP, " ,0, 0, 0, 0)");
printf("%s", TEMP);
// inserting null character at end
if (mysql_query(con, TEMP)) {
fprintf(stderr, "%s\n", mysql_error(con));
exit(-1);
}
}
Here are my results from this code
Strings must be quote, so you must quote 'foo' and 'bar' like this:
const char *NAME = "'foo'";
const char *PASSWORD = "'bar'";
Working on a C project where I'm trying to insert values into a mysql database (linux debian on beaglebone black). The code works fine when I insert constants into the database but I cannot figure out how to get variables for date/time and a double number (temperature). Been at it for a week but cannot seem to figure it out so any insight would be appreciated.
All the assorted things I've tried either end up with a compile error, null in database or zeros. I think I'm close... but obviously missing something, probably in the INSERT INTO line?
char buf[LEN];
time_t curtime;
struct tm *loc_time;
curtime = time (NULL);
loc_time = localtime (&curtime);
strftime (buf, LEN, "%Y-%m-%d" " " "%X", loc_time);
fputs (buf, stdout);
MYSQL *con = mysql_init(NULL);
if (con == NULL)
{
fprintf(stderr, "mysql_init() failed\n");
exit(1);
}
if (mysql_real_connect(con, "localhost", "user", "pass", "TempDB", 0, NULL, 0) == NULL)
{
finish_with_error(con);
}
if (mysql_query(con, "CREATE TABLE IF NOT EXISTS TempMeas(MeasTime DATETIME, Temp DOUBLE)"))
{
finish_with_error(con);
}
if (mysql_query(con, "INSERT INTO TempMeas(MeasTime, Temp) VALUES('%d', '%d')", buf, j))
{
finish_with_error(con);
}
mysql_close(con);
exit(0);
If you want to insert the actual date and time into the SQL you can do that with sql:
INSERT INTO TempMeas(MeasTime, Temp) VALUES(now(), 'other value');
you get the other values into it with:
#include<string.h> # needed for sizeof()
/* all the other stuff */
char query1[999];
int num = sprintf(query1, "INSERT INTO TempMeas(MeasTime, Temp) VALUES(now(), '%d');", j);
if (num > sizeof(query1))
{
printf("Error: Query too long.\n");
exit (1);
}
if (mysql_query(con, query1))
{
printf("Error: mysql_query failed.");
exit (1);
}
Changed so that query has defined size, and checking if the actual query fits in our char query[999]
I try to make function to check if table exists and to get total number of rows but I get result 1 instead of 99999.
So, what should I do here to work properly?
int sql_table_length(char* database, char* dtable, char* mysql_user_name, char* mysql_password)
{
int retval = 0;
MYSQL *conn;
conn = mysql_init(NULL);
if (conn)
{
if (mysql_real_connect(conn, "localhost", mysql_user_name, mysql_password, database, 0, NULL, 0)!=0)
{
char chktable[512] = {0};
sprintf(chktable,"%s%s%s", "SHOW TABLES LIKE '", dtable, "'");
mysql_query(conn, chktable);
if (mysql_store_result(conn))
{
MYSQL_RES *result;
char lngtable[512] = {0};
sprintf(lngtable, "%s%s", "SELECT COUNT(*) FROM ", dtable);
if (!(mysql_query(conn, lngtable)))
{
result = mysql_store_result(conn);
retval = mysql_num_rows(result); // here I get 1
mysql_free_result(result);
}
else retval = -4; //no rows
}
else retval = -3; //don't exist
}
else retval = -2; //can't connect
}
else retval = -1; //no connection
mysql_close(conn);
return retval;
}
Thanks!
Your query, SELECT COUNT(*) FROM table returns a single row containing the number of rows in the table. Instead of counting the number of rows in the result, you want to query the number that is returned.
You will want to do something like (untested):
MYSQL_STMT *stmt;
MYSQL_BIND bind;
long rows;
my_bool error; /* Omit at your own risk */
stmt = mysql_stmt_init(mysql)
mysql_stmt_prepare(stmt, lngtable, strlen(lngtable));
mysql_stmt_execute(stmt);
memset(&bind, 0, sizeof(bind));
bind.buffer_type = MYSQL_TYPE_LONG;
bind.buffer = (char *)&rows;
bind.error = &error; /* Omit at your own risk */
mysql_stmt_bind_result(stmt, &bind);
mysql_stmt_fetch(stmt);
printf("Number of rows: %ld\n", rows);
You should add error checking to all the mysql calls. See http://dev.mysql.com/doc/refman/5.0/en/mysql-stmt-fetch.html for more examples about binding parameters.
Alternatively, you can change your query to something like SELECT * FROM table and keep the rest of your code, but this is asking MySQL to do a lot more work, and the result will likely take longer.
After David's suggestion, I found a simpler and safer way to get the result. Maybe someone will need this:
int sql_table_length(char* database, char* dtable, char* mysql_user_name, char* mysql_password)
{
MYSQL *conn;
MYSQL_RES *result;
MYSQL_ROW rowdata;
int retval = 0;
conn = mysql_init(NULL);
if (conn)
{
if (mysql_real_connect(conn, "localhost", mysql_user_name, mysql_password, database, 0, NULL, 0)!=0)
{
char chktable[512] = {0};
sprintf(chktable,"%s%s%s", "SHOW TABLES LIKE '", dtable, "'");
if (!(mysql_query(conn, chktable)))
{
result = mysql_store_result(conn);
if (mysql_num_rows(result))
{
char lngtable[512] = {0};
sprintf(lngtable, "%s%s", "SELECT COUNT(*) FROM ", dtable);
if (!(mysql_query(conn, lngtable)))
{
result = mysql_store_result(conn);
if (result)
{
rowdata = mysql_fetch_row(result);
if (rowdata)
retval = atoi(rowdata[0]);
else retval = -7; // data error
}
else retval = -6; // result error
mysql_free_result(result);
}
else retval = -5; // can't select
}
else retval = -4; // table don't exist
}
else retval = -3; // can't query
}
else retval = -2; // can't connect
}
else retval = -1; // no server connection
mysql_close(conn);
return retval;
}
Any remarks on possible memory leaks (or other) are welcome!