在C語言中使用MySQL查詢參數(shù)化,是一種非常重要的技術(shù)。參數(shù)化的查詢可以防止SQL注入攻擊,并提高查詢效率。本文將介紹如何使用C語言和MySQL查詢參數(shù)化。
#include <mysql/mysql.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
MYSQL *con = mysql_init(NULL);
if (con == NULL) {
fprintf(stderr, "mysql_init() failed\n");
exit(1);
}
if (mysql_real_connect(con, "localhost", "user", "password",
"database", 0, NULL, 0) == NULL) {
fprintf(stderr, "mysql_real_connect() failed: %s\n",
mysql_error(con));
mysql_close(con);
exit(1);
}
MYSQL_STMT *stmt = mysql_stmt_init(con);
if (stmt == NULL) {
fprintf(stderr, "mysql_stmt_init() failed\n");
exit(1);
}
if (mysql_stmt_prepare(stmt, "SELECT * FROM users WHERE name = ?",
strlen("SELECT * FROM users WHERE name = ?")) != 0) {
fprintf(stderr, "mysql_stmt_prepare() failed: %s\n",
mysql_stmt_error(stmt));
mysql_stmt_close(stmt);
mysql_close(con);
exit(1);
}
char name[64] = "Alice";
MYSQL_BIND param;
memset(¶m, 0, sizeof(param));
param.buffer_type = MYSQL_TYPE_STRING;
param.buffer = (char *) name;
param.buffer_length = strlen(name);
if (mysql_stmt_bind_param(stmt, ¶m) != 0) {
fprintf(stderr, "mysql_stmt_bind_param() failed: %s\n",
mysql_stmt_error(stmt));
mysql_stmt_close(stmt);
mysql_close(con);
exit(1);
}
if (mysql_stmt_execute(stmt) != 0) {
fprintf(stderr, "mysql_stmt_execute() failed: %s\n",
mysql_stmt_error(stmt));
mysql_stmt_close(stmt);
mysql_close(con);
exit(1);
}
MYSQL_RES *result = mysql_stmt_result_metadata(stmt);
int num_fields = mysql_num_fields(result);
MYSQL_ROW row;
while (mysql_stmt_fetch(stmt) == 0) {
row = mysql_stmt_fetch_row(stmt);
printf("%s %s\n", row[0], row[1]);
}
mysql_free_result(result);
mysql_stmt_close(stmt);
mysql_close(con);
return 0;
}代碼中,使用mysql_stmt_prepare()函數(shù)來預(yù)處理MySQL語句,該函數(shù)可以接收一個帶有占位符"?"的查詢語句。使用mysql_stmt_bind_param()函數(shù)來綁定參數(shù),該函數(shù)將一個MYSQL_BIND結(jié)構(gòu)體作為參數(shù),用于描述綁定查詢參數(shù)的元數(shù)據(jù)和數(shù)據(jù)緩沖區(qū)。
最后,使用mysql_stmt_execute()函數(shù)執(zhí)行查詢,并使用mysql_stmt_fetch()函數(shù)來獲取查詢結(jié)果。通過這種方式,我們可以使用C語言和MySQL查詢參數(shù)化。這種方法不僅可以防止SQL注入攻擊,而且可以提高查詢效率。