QSqlQuery and Stored Procedure



  • Hi , I have a problem retrieving results from a stored procedure call, below code example with comments

    @
    // doing this works fine, but not if security is important (sql injection)
    QString sql = QString("CALL userExists('%1')").arg(username);
    QSqlQuery query;
    query.exec(sql);

            while (query.next())
            {
    

    // here I receive expected result !!
    }
    @

    now the same code gets rewritten with binding parameters

    @
    QSqlQuery binding;
    bool prep_success = binding.prepare("CALL userExists(?)");

    // prep_success == true

        binding.bindValue(0, username);
    
        bool return_success = binding.exec();
    

    // return_success == true

        // here while statement never gets executed because .next() returns false
        while(binding.next()) {
            qDebug() << "Column : " << binding.value(0);
        }
    

    // .size() = -1
    // .isValid() = false

    // additional info

    // driver : QMYSQL
    // MySQL server version: 5.6.16.0
    // has prepared queries: true
    // has namedplaceholdes: false
    // has positionalplacedholders: true
    // has unicode: true
    @

    Also the stored procedure is a simple " SELECT * FROM user ";
    but the point here is binding the parameters and retrieving the results.

    Why can't I get the results when using .exec() with binding parameters ?



  • As far as I remember MySQL introduced stored procedures in version 5.x and there is no support yet for binding parameters for procedures.


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.