Re: Programmers toolkit - C api sprintf-like mysql_query()

From: Peter H. Coffin <hellsop_at_ninehells.com>
Date: Tue, 4 Jul 2017 18:26:35 -0500
Message-ID: <slrnolo91b.4ah.hellsop_at_nibelheim.ninehells.com>

On Sun, 02 Jul 2017 12:26:08 -0400, Lew Pitcher wrote:
> I've recently taken up writing some C code to access mysql databases. One
> tedious part of that process is the preparation of query statements (not
> "prepared statement" queries, however) using program-supplied values.
>
> Typically, to me, that means using sprintf() on a query string like
> "INSERT name, number VALUES ('%s',%d) INTO table"
> to plug in the program-supplied values, then executing mysql_query() on the
> resulting string to actually perform the query.
>
> Yes, I know that I could use a "prepared statement", but for the code I'm
> writing, that would be overkill. However, the sprintf()/mysql_query()
> sequence occurs often enough (and there doesn't seem to be an equivalent
> mysql_*() api) that I encapsulated it into a single function.

So you want to do something that's almost exactly like using prepared statements, but doing prepared statements is "overkill"? You're already doing 95% of the (nominal, very small) amount of extra work involved. And prepared statements also address the issue Jerry brings up.

What's "overkill" about using two statements instead of one?

-- 
I don't have a sense of humour, merely an over-exaggerated sense of 
revenge.
              -- Stephen Harris

Received on Wed Jul 05 2017 - 01:26:35 CEST

This message: [ Message body ]
Next message: Lew Pitcher: "Re: Programmers toolkit - C api sprintf-like mysql_query()"
In reply to Lew Pitcher: "Programmers toolkit - C api sprintf-like mysql_query()"
Next in thread: Lew Pitcher: "Re: Programmers toolkit - C api sprintf-like mysql_query()"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message