Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

QSqlQuery and Stored Procedure



  • Hi , I have a problem retrieving results from a stored procedure call, below code example with comments

    @
    // doing this works fine, but not if security is important (sql injection)
    QString sql = QString("CALL userExists('%1')").arg(username);
    QSqlQuery query;
    query.exec(sql);

            while (query.next())
            {
    

    // here I receive expected result !!
    }
    @

    now the same code gets rewritten with binding parameters

    @
    QSqlQuery binding;
    bool prep_success = binding.prepare("CALL userExists(?)");

    // prep_success == true

        binding.bindValue(0, username);
    
        bool return_success = binding.exec();
    

    // return_success == true

        // here while statement never gets executed because .next() returns false
        while(binding.next()) {
            qDebug() << "Column : " << binding.value(0);
        }
    

    // .size() = -1
    // .isValid() = false

    // additional info

    // driver : QMYSQL
    // MySQL server version: 5.6.16.0
    // has prepared queries: true
    // has namedplaceholdes: false
    // has positionalplacedholders: true
    // has unicode: true
    @

    Also the stored procedure is a simple " SELECT * FROM user ";
    but the point here is binding the parameters and retrieving the results.

    Why can't I get the results when using .exec() with binding parameters ?



  • As far as I remember MySQL introduced stored procedures in version 5.x and there is no support yet for binding parameters for procedures.


Log in to reply