Inserting data in a MySQL database with prepared query
-
Hello everybody, I am unable to send data to a table by using a prepared query when the user writes the apostrophe symbol in his data ('). That is my code:
```cpp
QSqlQuery req;
req.prepare("insert into fournisseur (nom,ville,matriculefour,info_supp) values( :nom, :ville, :matricule , :info_supp)");
req.bindValue(":nom", four->getNom());
req.bindValue(":ville", four->getVille());
req.bindValue(":matricule", matricule);
req.bindValue(":info_supp", four->getInfoSupp());
// query complete
if (!req.exec(count)) {
    err.status = false;
    err.code = 125;
    err.msg = req.lastError().text() + " [ " + req.lastQuery() + "] ";
    return err;
} else {
    err.status = true;
    err.code = 200;
    err.msg = "Ajout du fournisseur reussit";
    return err;
}
```
I am using Qt 5.3.0 on Windows 8.1; the result I have is this:
```
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'bh')' at line 1 QMYSQL: Unable to execute query [ INSERT INTO fournisseur(nom,ville,matriculefour,info_supp)values(' hfn' ,'hucm' ,'25hhuc', 'huio'bh')]
```
In this case the user has typed huio'bh and it has to be inserted into the column info_supp, which is the last column.
-
Just a quick question?
What exactly is `count` in your `req.exec` statement and what is stored in `count`? As far as I read the doc correctly
`QSqlQuery::exec(QString &query)` executes the sql statement stored in the string `query`.
-
@adonisQt97 said:
> 'huio'bh'

Hi
This is not valid data. If you allow user to use single quotes, you must escape it by using an extra one.
As far as I know :)
Maybe you can use QString::Replace to do it easy on save.
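The quote-doubling suggested in this reply, compared with pasting the value into the statement unchanged, as an added example that is not code from any poster or from Qt. `quoteLiteral`, `buildNaive`, `buildEscaped` and `scanLiterals` are hypothetical helpers, the scanner is a simplification of MySQL's lexer, and the second sample value is constructed.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Quote a value as a MySQL literal: double each ' and escape each backslash (default SQL mode).
std::string quoteLiteral(const std::string& value) {
    std::string out = "'";
    for (char c : value) {
        if (c == '\'') out += "''";
        else if (c == '\\') out += "\\\\";
        else out += c;
    }
    return out + "'";
}

// Hypothetical helpers: the value pasted in unchanged vs. quoted first.
const std::string kInsert = "insert into fournisseur (info_supp) values(";
std::string buildNaive(const std::string& v) { return kInsert + "'" + v + "')"; }
std::string buildEscaped(const std::string& v) { return kInsert + quoteLiteral(v) + ")"; }

struct Scan {
    std::vector<std::string> literals;  // decoded string literals, in order
    bool terminated = true;             // false when a literal never closes
};

// Simplified scanner for single-quoted literals ('' and backslash escapes only).
Scan scanLiterals(const std::string& sql) {
    Scan s;
    for (std::size_t i = 0; i < sql.size(); ++i) {
        if (sql[i] != '\'') continue;
        std::string lit;
        bool closed = false;
        for (++i; i < sql.size(); ++i) {
            bool more = i + 1 < sql.size();
            if (sql[i] == '\\' && more) lit += sql[++i];
            else if (sql[i] == '\'' && more && sql[i + 1] == '\'') { lit += '\''; ++i; }
            else if (sql[i] == '\'') { closed = true; break; }
            else lit += sql[i];
        }
        if (!closed) { s.terminated = false; break; }
        s.literals.push_back(lit);
    }
    return s;
}
int main() {  // "huio'bh" is the thread's value; "a', 'b" is constructed
    for (std::string v : {"huio'bh", "a', 'b"})
        for (const std::string& sql : {buildNaive(v), buildEscaped(v)})
            std::cout << sql << " -> " << scanLiterals(sql).literals.size()
                      << " literal(s), terminated=" << scanLiterals(sql).terminated << "\n";
}
```

The unescaped build of `huio'bh` leaves a literal open, which is the syntax error quoted in the first post, and the constructed value turns one column value into two without any error. Values bound with `bindValue()` and sent with `exec()` called without an argument need no manual quoting when the driver supports it.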
-
@the_ yes, I have seen this error later, but when I modify the code and execute the good query I have another error:
```
Using unsupported buffer type: 6741409 (parameter: 1) QMYSQL3: Unable to bind value [ insert into fournisseur (nom,ville,matriculefour,info_supp) values( ?,?,? ,?) ]
```
-
@adonisQt97 said:
> Using unsupported buffer type:

When I check the features of the QMYSQL3 driver like this:
```cpp
qDebug() << appBD.driver()->hasFeature(QSqlDriver::PositionalPlaceholders);
qDebug() << appBD.driver()->hasFeature(QSqlDriver::PreparedQueries);
qDebug() << appBD.driver()->hasFeature(QSqlDriver::NamedPlaceholders);
```
I obtain
```
false
false
false
```
Does anybody have another solution?
-
Hi,
You can build the query by hand using e.g. `QString::args`.
For example:
```cpp
QString("insert into fournisseur (nom) values(%1)").arg(four->nom())
```
or
```cpp
"insert into fournisseur (nom) values(" + four->nom() + ")"
```