I do not know how to implement prepared statements in my Sqlite3 code
#include <iostream>
#include <sqlite3.h>
#include <stdio.h>
static int callback (void* NotUsed, int argc, char** argv, char** azColName) {
int i;
for (i = 0; i < argc; i++) {
std::cout << ("%s = %s\n", azColName[i], argv[i] ? argv[i] : "NULL");
}
std::cout << ("\n");
return 0;
}
int main (int argc, char* argv[]) {
sqlite3* db;
char* zErrMsg = 0;
int rc;
char* sql;
/* Open database */
rc = sqlite3_open ("test.db", &db);
if (rc) {
std::cerr << "Can't open database: \n" << sqlite3_errmsg (db);
return (0);
}
else {
std::cout << "Opened database successfully\n";
}
std::string newName;
std::cin >> newName;
/* Create SQL statement */
sql = "UPDATE company SET name = newName WHERE id = 1";
/* Execute SQL statement */
rc = sqlite3_exec (db, sql, callback, 0, &zErrMsg);
if (rc != SQLITE_OK) {
std::cout << "SQL error: \n" << zErrMsg;
sqlite3_free (zErrMsg);
}
else {
std::cout << "Records created successfully\n";
}
sqlite3_close (db);
return 0;
}
The user has to input newName and this variable should be used to Update a field in the Database. This way it does not work, because the Sql script is searching for a column. In the internet I found, that I had to use a prepared statement, but I do not know how to implement it.
You start with an sql statement that has placeholders for the parameters that you wish to bind later. Here, I use a single question mark for the placeholder, but there are other options described in the documentation.
std::string sql = "UPDATE company SET name = ? WHERE id = 1";
Then you construct a prepared statement (or "compile", as they say it in sqlite documentation). You'll normally use sqlite_prepare_v2 function, but there are others (for when your statement is encoded in something else than utf-8, for example).
sqlite3_stmt* stmt; // will point to prepared stamement object
sqlite3_prepare_v2(
db, // the handle to your (opened and ready) database
sql.c_str(), // the sql statement, utf-8 encoded
sql.length(), // max length of sql statement
&stmt, // this is an "out" parameter, the compiled statement goes here
nullptr); // pointer to the tail end of sql statement (when there are
// multiple statements inside the string; can be null)
Then you bind the parameter(s). There's a whole bunch of avaliable functions. Which one exactly you use depends on the type
of data that you're binding to the parameter. Here, we bind text, so we use sqlite3_bind_text:
std::string newName = /* get name from user */;
sqlite3_bind_text(
stmt, // previously compiled prepared statement object
1, // parameter index, 1-based
newName.c_str(), // the data
newName.length(), // length of data
SQLITE_STATIC); // this parameter is a little tricky - it's a pointer to the callback
// function that frees the data after the call to this function.
// It can be null if the data doesn't need to be freed, or like in this case,
// special value SQLITE_STATIC (the data is managed by the std::string
// object and will be freed automatically).
So, the prepared statement is ready to go. Now you execute it by passing it to sqlite3_step:
sqlite3_step(stmt); // you'll want to check the return value, read on...
Now, when you step through a statement that's supposed to return rows of a result table, this function will keep returning SQLITE_ROW as long as there are result rows to process, and SQLITE_DONE when there are none left. You can use sqlite3_column_* family of functions to get the single columns from a result row. I'll let you figure this out on your own.
For a simple update statements that you have, sqlite3_step will return SQLITE_DONE on the first call. More info and possible error codes are here.
When it's all done, you finish by destructing the prepared statement.
sqlite3_finalize(stmt);
I hope this should get you started.
Related
We have a c++ server application which is connecting to postgresql database using libpq library. Application creating 100s of connection to database and most of the connection's life time is application scope.
Initially application was running fine, but over a period of time postgres server consuming more memory for long running connections. By writing a below sample program I come to know creating prepared statements using PQsendPrepare and PQsendQueryPrepared is causing the memory consumption issue in database server.
How we can fix this server memory issue? is there any libpq function to free the memory in server?
#include <iostream>
#include <fstream>
#include <string>
#include <sstream>
#include <stdio.h>
#include <stdlib.h>
#include <libpq-fe.h>
int main(int argc, char *argv[]) {
const int LEN = 10;
const char *paramValues[1];
int paramFormats[1];
int rowId = 7369;
Oid paramTypes[1];
char str[LEN];
snprintf(str, LEN, "%d", rowId);
paramValues[0] = str;
paramTypes[0]=20;
paramFormats[0]=0;
long int c=1;
PGresult* result;
//PGconn *conn = PQconnectdb("user=scott dbname=dame");
PGconn *conn = PQsetdbLogin ("", "", NULL, NULL, "dame", "scott", "tiger") ;
if (PQstatus(conn) == CONNECTION_BAD) {
fprintf(stderr, "Connection to database failed: %s\n",
PQerrorMessage(conn));
do_exit(conn);
}
char *stm = "SELECT coalesce(ename,'test') from emp where empno=$1";
for(;;)
{
std::stringstream strStream ;
strStream << c++ ;
std::string strStatementName = "s_" + strStream.str() ;
if(PQsendPrepare(conn,strStatementName.c_str(), stm,1,paramTypes) )
{
result = PQgetResult(conn);
if (PQresultStatus(result) != PGRES_COMMAND_OK)
{
PQclear(result) ;
result = NULL ;
do
{
result = PQgetResult(conn);
if(result != NULL)
{
PQclear (result) ;
}
} while (result != NULL) ;
std::cout<<"error prepare"<<PQerrorMessage (conn)<<std::endl;
break;
}
PQclear(result) ;
result = NULL ;
do
{
result = PQgetResult(conn);
if(result != NULL)
{
PQclear (result) ;
}
} while (result != NULL) ;
}
else
{
std::cout<<"error:"<<PQerrorMessage (conn)<<std::endl;
break;
}
if(!PQsendQueryPrepared(conn,
strStatementName.c_str(),1,(const char* const *)paramValues,paramFormats,paramFormats,0))
{
std::cout<<"error:prepared "<<PQerrorMessage (conn)<<std::endl;
}
if (!PQsetSingleRowMode(conn))
{
std::cout<<"error singrow mode "<<PQerrorMessage (conn)<<std::endl;
}
result = PQgetResult(conn);
if (result != NULL)
{
if((PGRES_FATAL_ERROR == PQresultStatus(result)) || (PGRES_BAD_RESPONSE == PQresultStatus(result)))
{
PQclear(result);
result = NULL ;
do
{
result = PQgetResult(conn);
if(result != NULL)
{
PQclear (result) ;
}
} while (result != NULL) ;
break;
}
if (PQresultStatus(result) == PGRES_SINGLE_TUPLE)
{
std::ofstream myfile;
myfile.open ("native.txt",std::ofstream::out | std::ofstream::app);
myfile << PQgetvalue(result, 0, 0)<<"\n";
myfile.close();
PQclear(result);
result = NULL ;
do
{
result = PQgetResult(conn) ;
if(result != NULL)
{
PQclear (result) ;
}
}
while(result != NULL) ;
sleep(10);
}
else if(PQresultStatus(result) == PGRES_TUPLES_OK || PQresultStatus(result) == PGRES_COMMAND_OK)
{
PQclear(result);
result = NULL ;
do
{
result = PQgetResult(conn) ;
if(result != NULL)
{
PQclear (result) ;
}
}
while(result != NULL) ;
}
}
}
PQfinish(conn);
return 0;
}
Initially application was running fine, but over a period of time
postgres server consuming more memory for long running connections. By
writing a below sample program I come to know creating prepared
statements using PQsendPrepare and PQsendQueryPrepared is causing the
memory consumption issue in database server.
Well that seems unsurprising. You are generating a new prepared statement name at each iteration of your outer loop, and then creating and executing a prepared statement of that name. All the resulting, differently-named prepared statements will indeed remain in the server's memory as long as the connection is open. This is intentional.
How we can fix this server memory issue?
I'd characterize it as a program logic issue, not a server memory issue, at least as far as the test program goes. You obtain resources (prepared statements) and then allow them to hang around when you have no further use for them. The statements aren't leaked per se, as you could recreate the algorithmically-generated statement names, but the problem is similar to a resource leak. In your program, not in Postgres.
If you want to use one-off prepared statements then give them the empty string, "", as their name. Postgres calls these "unnamed" statements. Each unnamed statement you prepare will replace any previous one belonging to the same connection.
But even that's a hack. The most important feature of prepared statements in the first place is that they can be reused. Every statement prepared by your test program is identical, so not only are you wasting memory, you are also wasting CPU cycles. You should prepare it once only -- via PQsendPrepare(), or maybe simply PQprepare() -- and when it has successfully been prepared, execute it as many times as you want with PQsendQueryPrepared() or PQqueryPrepared(), passing the same statement name every time (but possibly different parameters).
is there any libpq function
to free the memory in server?
The documentation for the synchronous versions of the query functions says:
Prepared statements for use with PQexecPrepared can also be created by
executing SQL PREPARE statements. Also, although there is no libpq
function for deleting a prepared statement, the SQL DEALLOCATE
statement can be used for that purpose.
To the best of my understanding, there is only one flavor of prepared statement in Postgres, used by the synchronous and asynchronous functions alike. So no, libpq provides no function specifically for dropping prepared statements associated with a connection, but you can write a statement in SQL to do the job. Of course, it would be pointless to create a new, uniquely-named prepared statement to execute such a statement.
Most programs do not need anywhere near so many distinct prepared statements as to produce the kind of problem you report having.
I'm currently working on a project where I want to use SQLite to store some data. Everything is working well except when I want to insert new data into the table. When I run the application, I get segmentation fault, but I can't find the problem.
void sqlite(char *id, char *sensorname, char *sensorvalue){
sqlite3 *db;
char *zErrMsg = 0;
int rc;
char *sql;
const char* data = "Callback function called";
/* Open database */
rc = sqlite3_open("/home/macho/Documents/sensor_database.db", &db);
if( rc ){
fprintf(stderr, "Can't open database: %s\n", sqlite3_errmsg(db));
exit(0);
}else{
fprintf(stderr, "Opened database successfully\n");
}
sql = "INSERT INTO sensors (id,sensorname,sensorvalue) VALUES(";
char* split = ",";
strcat(sql, id);
strcat(sql, ",");
strcat(sql, sensorname);
strcat(sql, ",");
strcat(sql, sensorvalue);
strcat(sql, ");");
rc = sqlite3_exec(db, sql, callback, (void*)data, &zErrMsg);
if( rc != SQLITE_OK ){
fprintf(stderr, "SQL error: %s\n", zErrMsg);
sqlite3_free(zErrMsg);
}else{
fprintf(stdout, "Operation done successfully\n");
}
sqlite3_close(db);
}
And in the main, I'm calling the sqlite() function:
sqlite("1","sensor","sensor1");
Any idea what the problem can be?
Thanks!
You assign sql a static (read-only) string and then attempt to append to it. Instead, create a large writeable array either on the stack or use malloc and then assemble your query in that. So
char sql[4096];
strcpy(sql, "INSERT INTO sensors ...
...
Note that you should check for overflow of the buffer based on the lengths of the values.
BTW, the code as written is just asking for an SQL injection attack if accessible to users. Look up Bobby Tables.
I am trying to merge two SQL databases with same schema using C programming. As I am new to SQL, I tried the below code to merge using C programming.
But I could not merge it as I could not pass the file path in the sql statement in runtime. How to pass the file path in the below sql statement so that I can merge.
/Create SQL statement to merge two DBs/
rc = sqlite3_open(argv[1], &db); /*-----> argv[1] is old_student.db*/
if( rc )
{
printf("Can't open database: %s\n", sqlite3_errmsg(db));
exit(0);
}
else
{
printf("Opened database successfully\n");
}
/*Create SQL statement to merge two DBs*/
sql = "attach '<file_path_name>' as toMerge;\ /*--------> how to pass file path here in runtime */
BEGIN;\
insert or ignore into student_table (Name, AGE, Address)\
select Name, AGE, Address from toMerge.student_table;\
COMMIT;";
/* Execute SQL statement */
rc = sqlite3_exec(db, sql, callback, (void*)data, &zErrMsg);
if( rc != SQLITE_OK )
{
printf("SQL error: %s\n", zErrMsg);
sqlite3_free(zErrMsg);
}
else
{
printf("%s merged New_student.db successfully with old_student.db\n");
}
sqlite3_close(db);
Please let me know how should i pass the parameter in SQL statement in runtime.
Your help is highly appreciated.
Thanks in advance.
This can be accomplished by declaring the sql array as a VLA, and then using sprintf to construct the query as shown below.
static const char *prefix = "attach '";
static const char *suffix =
"' as toMerge;"
" BEGIN;"
" insert or ignore into student_table (Name, AGE, Address)"
" select Name, AGE, Address from toMerge.student_table;"
" COMMIT;";
int length = strlen(prefix) + strlen(argv[1]) + strlen(suffix) + 1;
char sql[length];
sprintf( sql, "%s%s%s", prefix, argv[1], suffix );
My goal is to insert a column into a SQLite Table and then return the entry so that I can get the primary key value. I have the following code that executes generic insert statements for me:
int SQLiteHelper::ExecuteWriteStatement(Platform::String^ statement)
{
char* zErrMsg;
int rc;
LPCWSTR input = statement->Data();
char sql[MAX_PATH + 1];
memset(sql, 0, sizeof(sql));
WideCharToMultiByte(CP_UTF8, 0, input, -1, sql, sizeof(sql), NULL, NULL);
const char* data = "Callback function called";
rc = sqlite3_exec(m_db, sql, WriteCallback, (void*)data, &zErrMsg);
if(rc != SQLITE_OK)
{
OutputDebugString(L"Failed to Write to database");
sqlite3_free(zErrMsg);
}
else
{
OutputDebugString(L"Succesfully wrote to database");
}
}
My callback is implemented as follows (note that it is a static private class method):
int SQLiteHelper::WriteCallback(void *NotUsed, int argc, char** argv, char** azColName)
{
////do some stuff
}
I am aware that I will probably use the void* NotUsed callback parameter to return data and I'm pretty sure it maps to the (void*)data from the sqlite3_exec() function call. The problem I have is that when I run an insert statement, the code does not reach the callback function.
If you run an insert command using sqlite3_exec shouldn't it call the callback method?
Is there a different sqlite command I should be using?
Thanks!
The sqlite3_exec callback gets called if the statement returns some data.
This can happen only for SELECT and some PRAGMA statements.
To get the rowid of the inserted record, call sqlite3_last_insert_rowid.
I heard of using sqlite3_prepare_v2 instead of sqlite_exec to get integers from database, but I failed to find any examples. This page wasn't helpful also. Now I am getting strings from database, so I need to parse them with atoi and this seems to be slow and ineffective.
There a lot of similar questions on SO, but they are about obj-c and iOS SDK. I need C/C++ hint or example.
Thanks in advance.
After sqlite3_prepare has succeeded, you must not forget to clean up the statement with sqlite3_finalize.
To get the result records, call sqlite3_step until it does not return SQLITE_ROW.
To get the values of the current result record, call the sqlite3_column_* functions:
sqlite3_stmt *stmt;
if (sqlite3_prepare_v2(db, "SELECT 42", -1, &stmt, NULL) != SQLITE_OK)
...error...
else {
for (;;) {
int rc = sqlite3_step(stmt);
if (rc == SQLITE_DONE)
break;
if (rc != SQLITE_ROW) {
...error...
break;
}
printf("value: %d\n", sqlite3_column_int(stmt, 0));
}
sqlite3_finalize(stmt);
}
sqlite3_column_int(result, columnNum); will return one column from the current row of your result as an int.
Your prepare function is to prepare your query, it has nothing to do with how the results are interpreted. All data in sqlite3 is stored textually, you use the appropriate function to retrieve a value in the type you believe it should be.