从数据库中提取用户名
[英]Extracting an username from the database
问题描述
I'm relatively new to the pqxx library and so I can't seem to figure out how to get data out of the database.
我对 pqxx 库比较陌生,所以我似乎无法弄清楚如何从数据库中获取数据。
I have my header file for the DBUser class我有 DBUser 类的头文件
#pragma once
#include <string>
class DBUser
{
private:
std::string m_user, m_password;
public:
void CreateUser(std::string const& user, std::string const& pw);
void LoginUser(std::string const& user, std::string const& pw);
};
and this is the cpp with the login implementation这是带有登录实现的 cpp
#include "DBUser.h"
#include "DBLink.h"
#include <pqxx/pqxx>
void DBUser::CreateUser(std::string const& user, std::string const& pw)
{
pqxx::work worker(*DBLink::GetInstance());
try {
worker.exec0("INSERT INTO users VALUES('" + user + "', " +
"'" + worker.conn().encrypt_password(user, pw, "md5") + "')");
worker.commit();
}
catch (const std::exception& e) {
worker.abort();
throw;
}
}
void DBUser::LoginUser(std::string const& user, std::string const& pw)
{
pqxx::work worker(*DBLink::GetInstance());
try {
pqxx::result username_result = worker.exec0("SELECT username FROM users WHERE username=" + 'user');
worker.commit();
}
catch (const std::exception& e) {
worker.abort();
throw;
}
}
Whenever I try to run the program I get an error in the xstring file from c++.每当我尝试运行该程序时,我都会在 c++ 的 xstring 文件中收到错误消息。 I also tried getting the data necessary using the row class but to no success, the same error, so can somebody show me and explain how to output data from the database ?我也尝试使用 row 类获取必要的数据但没有成功,同样的错误,所以有人可以告诉我并解释如何从数据库输出数据吗?
Edit: Added the exact error im getting编辑:添加了我得到的确切错误
1 个解决方案
解决方案1
1 2021-11-11 22:09:12
Okay, you're not going to want to do it that way.好吧,你不会想那样做的。 You should use positional arguments and prepared statements.您应该使用位置参数和准备好的语句。
Look at this page:看看这个页面:
https://libpqxx.readthedocs.io/en/6.4/a01480.html https://libpqxx.readthedocs.io/en/6.4/a01480.html
For instance, here's some code of mine:例如,这是我的一些代码:
static constexpr char const * INSERT_LIST { "author_id, series_id" };
void DB_AuthorSeries_Base::doInsert(pqxx::connection &conn, AuthorSeries &obj) {
pqxx::work work {conn};
string sql { string{"INSERT INTO author_series ("} + INSERT_LIST + ") VALUES (nullif($1, 0), nullif($2, 0)) RETURNING id" };
pqxx::result results = work.exec_params(sql,
obj.getAuthorId(),
obj.getSeriesId());
work.commit();
obj.setId(results[0][0].as<int>());
}
Notice the $1, T2, etc.注意 $1、T2 等。
Now, I don't know if your insert statement is going to do what you want, as I always use createuser .现在,我不知道您的 insert 语句是否会执行您想要的操作,因为我总是使用createuser 。 BUT... It is a very very VERY bad habit to let your SQL calls have raw data in them.但是...让您的 SQL 调用中包含原始数据是一个非常非常非常坏的习惯。 That's how SQL injection attacks where, where people write naughty data into your app in order to hack into your system.这就是 SQL 注入攻击的方式,人们将顽皮的数据写入您的应用程序以入侵您的系统。
Never, never, never do that.永远,永远,永远不要那样做。 Always have your data in prepared statements similar to what I'm showing here.始终将您的数据放在与我在这里展示的类似的准备好的语句中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.