堆栈内存溢出
  简体   繁体   English

插入语句的语法错误

[英]syntax error with insert statement

 原文  2014-01-21 14:26:36       c++/ c/ sqlite

问题描述

I am using c/c++ with sqlite. 我在sqlite中使用c / c ++。 My code shown below compiles but after I entered my password, I encountered this error. 下面显示的我的代码可以编译,但是输入密码后,我遇到了此错误。 

    SQL error: near "NSERT": syntax error

I am unable to identify where exactly the syntax error is. 我无法确定语法错误到底在哪里。

code 

#include <stdio.h>
#include <stdlib.h>
#include <sqlite3.h> 
#include <string>
#include <iostream>


void insertIntoTable(std::string userName,std::string password);

int main () {
    std::string userName;
    std::string password;
    std::cout << "Enter a user name" << std::endl;
    std::cin >> userName;
    std::cout << "Enter a password" << std::endl;
    std::cin >> password
    insertIntoTable(userName,password);
} 

//method to insert into table
void insertIntoTable(std::string userName,std::string password) {
    sqlite3 *db;
    char *zErrMsg = 0;
    int  rc;
    const char *sql;
    int i = 1;
    int j = 1;

    rc = sqlite3_open("test.db", &db);
    if( rc )
    {
       fprintf(stderr, "Can't open database: %s\n", sqlite3_errmsg(db));
       exit(0);
    }else
    {
       fprintf(stderr, "Opened database successfully\n");
    }
   //query
   sql = "INSERT INTO Login (_id,username,password,manager_id) "  \
         "VALUES ("+i,userName,password,j+");"; 
}

Please help. 请帮忙。 thanks 谢谢

5 个解决方案

解决方案1
 4  2014-01-21 14:42:50

sql = "INSERT INTO Login (_id,username,password,manager_id) "  \
      "VALUES ("+i,userName,password,j+");";

That is nonsense. 废话 You can't build strings by adding non-string values to a C-style character array or pointer; 您不能通过将非字符串值添加到C样式的字符数组或指针来构建字符串。 and the comma operator doesn't append a comma to the string, but instead discards the value of the previous expression after performing its side effects. 并且逗号运算符不会在字符串后附加逗号,而是会在执行副作用后丢弃前一个表达式的值。 This means that the whole expression is equivalent to 这意味着整个表达式等于 

sql = "INSERT..." + i;

which adds the value of i (1) to the address of a string literal to get a pointer to the second character; 它将i (1)的值添加到字符串文字的地址中以获得指向第二个字符的指针; so the overall result is NSERT INTO Login (_id,username,password,manager_id) VALUES ( 因此总体结果为NSERT INTO Login (_id,username,password,manager_id) VALUES (

You want to use std::string . 您想使用std::string In C++11, there are handy functions to convert numbers to strings: 在C ++ 11中,有一些方便的函数可以将数字转换为字符串: 

std::string sql = "INSERT INTO Login (_id,username,password,manager_id) "
                  "VALUES (" + std::to_string(i) + ',' 
                             + userName + ','
                             + password + ',' 
                             + std::to_string(j) + ");";

Historically, you would need a string-stream 从历史上看,您将需要一个字符串流 

std::stringstream s;
s << "INSERT INTO Login (_id,username,password,manager_id) VALUES ("
  << i << ',' << userName << ',' << password << ',' << j << ");";
std::string sql = s.str();

解决方案2
 2 已采纳  2014-01-21 14:55:28

All of these answers are terribly wrong. 所有这些答案都是错误的。 String interpolation for SQL query execution is the express train into injection land. 用于SQL查询执行的字符串插值是进入注入领域的快速列车。 There is no reason why you should ever use it. 没有理由您应该使用它。

The correct way is to use sqlite3_bind to bind values against placeholders in the prepared statement, ie the code should look like this: 正确的方法是在准备好的语句中使用sqlite3_bind将值绑定到占位符,即代码应如下所示: 

sql = "INSERT INTO Login (_id,username,password,manager_id) "
      "VALUES (?, ?, ?, ?);";
sqlite3_stmt* stmt;
rc = sqlite3_prepare_v2(db, sql, strlen(sql), &stmt, nullptr);
// handle rc
// Now bind the parameters.
sqlite3_bind_int(stmt, 1, i);
sqlite3_bind_text(stmt, 2, userName.c_str(), userName.size(), SQLITE_TRANSIENT);
sqlite3_bind_text(stmt, 3, password.c_str(), password.size(), SQLITE_TRANSIENT);
sqlite3_bind_int(stmt, 4, j);
// Now execute.

解决方案3
 1  2014-01-21 14:29:48

Looks like you a problem with VALUES statement: 看来您是VALUES陈述式的问题: 

VALUES ("+i,userName,password,j+");";

should be 应该 

"VALUES ("+std::to_string(i)+","+userName+","+password+","+std::to_string(j)+");";

If you don't have std::to_string (no C++11) you need some other way to convert int to std::string, like stringstream. 如果没有std :: to_string(没有C ++ 11),则需要其他方法将int转换为std :: string,例如stringstream。

解决方案4
 1  2014-01-21 14:30:04

I'm 80% sure this is how its supposed to be... not sure because its not pure SQL but.. yep 我百分之八十确定这是应该的样子……不确定,因为它不是纯SQL,而是 

sql = "INSERT INTO `Login` (`_id`, `username`, `password`, `manager_id`) "  \
     "VALUES ("+i+", '"+userName+"', '"+password+"', "+j+");";

解决方案5
 1  2014-01-21 14:47:05

You can not build strings like this.. 您不能建立这样的字符串。

You have two options.. use std::string and form a string using + operator . 您有两个选择。.使用std::string并使用+ operator形成一个string Or if you would like to pursue with char* then use code below 或者,如果您想使用char*使用以下代码 

char *sql = malloc (NumberOfCharYouNeed); //allocate sufficient chars for your purpose.

sprintf (sql, "INSERT INTO Login (_id,username,password,manager_id) VALUES (\"+%d%s%s%d+\")",i,userName,password,j);

Note: Make sure you free(sql) after your use. 注意:确保使用后释放(sql)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为什么此插入会产生语法错误 - why this insert gives syntax error 带有or表达式的If语句中的语法错误 - Syntax error in If-statement with or-expression SQLite3 INSERT 查询上的随机语法错误 - Random syntax error on SQLite3 INSERT query 断言语句中模板结构实例化的语法错误 - Syntax error for template struct instantiation inside assert statement 不寻常的 switch 语句 label - 为什么这不是语法错误? - unusual switch statement label - why isn't this a syntax error? 为什么Windres在GROUPBOX语句中报告语法错误? - Why does Windres report a syntax error on my GROUPBOX statement? return语句中的构造函数语法? - Constructor syntax in return statement? 字符数组和if语句语法 - Char arrays and if statement syntax 语法错误“==” - Syntax Error “==” 逗号而不是分号,为什么这个语句在C ++中没有给出语法错误? - Comma instead of semicolon, Why does this statement not give syntax error in C++?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM