QSqlQuery and Stored Procedure
-
Hi , I have a problem retrieving results from a stored procedure call, below code example with comments
@
// doing this works fine, but not if security is important (sql injection)
QString sql = QString("CALL userExists('%1')").arg(username);
QSqlQuery query;
query.exec(sql);while (query.next()) {
// here I receive expected result !!
}
@now the same code gets rewritten with binding parameters
@
QSqlQuery binding;
bool prep_success = binding.prepare("CALL userExists(?)");// prep_success == true
binding.bindValue(0, username); bool return_success = binding.exec();
// return_success == true
// here while statement never gets executed because .next() returns false while(binding.next()) { qDebug() << "Column : " << binding.value(0); }
// .size() = -1
// .isValid() = false// additional info
// driver : QMYSQL
// MySQL server version: 5.6.16.0
// has prepared queries: true
// has namedplaceholdes: false
// has positionalplacedholders: true
// has unicode: true
@Also the stored procedure is a simple " SELECT * FROM
user
";
but the point here is binding the parameters and retrieving the results.Why can't I get the results when using .exec() with binding parameters ?
-
As far as I remember MySQL introduced stored procedures in version 5.x and there is no support yet for binding parameters for procedures.