Reputation: 321
This seems simple but I'm new to C and can't find anyone asking this online. I have a char[] that I set with sprintf. Then I need to make a const char* from that char[]. Is that possible or do I need to play around with my types? I need a const char* to enter into a MySQL query, but I need the char[] because I need to use sprintf to insert variable values into the result. Here is the code snippet:
char sqlbuff[4096];
const char* sqlquery;
sprintf(sqlbuff, " %s %s ",
        "SELECT idnum FROM idTbl WHERE idCol =", idVar);
sqlquery = &sqlbuff;
if ( mysql_query(con, sqlquery) )
{
    finish_with_error(con);
}
I've tried setting the const char variable in multiple ways, but I always get an error. If I hardcode a value for idVar and simply run
mysql_query(con, "SELECT idnum FROM idTbl WHERE idCol = 1300")
it works fine. The problem is I need to use sprintf to utilize the variable. All help is appreciated.
Edit: Running on HP-UX 11.11
Upvotes: 0
Views: 979
Reputation:
This line is wrong:
sqlquery = &sqlbuff;
sqlbuff has type char [], so taking its address gives you a pointer to array, type char (*)[]. You just want a pointer to the first char (type char *), and evaluating the identifier of an array results in such a pointer in most contexts (there are some exceptions like when used with sizeof). So, just write
sqlquery = sqlbuff;
That said, there's no need to have a separate pointer variable at all. sqlbuff evaluates to char *, and a pointer is convertible to its const-qualified counterpart implicitly. Just pass sqlbuff directly where a const char * is expected and it will work.
Another thing should be mentioned although not directly related to your question: You should never construct SQL queries from user input using string operations. Attackers can easily inject their own SQL code this way. Read the documentation of your SQL client library and look for prepared statements and parameter binding and use this everywhere user input needs to be a parameter in a SQL query.
And one more hint: If you find yourself writing code like
sprintf("%s", "foobar");
e.g., you're giving a constant string for a %s conversion, you're doing it wrong. Just make your constant string part of your format-string.
Upvotes: 3
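An added example, not part of the question or of either answer: the asker's buffer filled with snprintf and a truncation check, with idVar accepted only when it parses as a single integer, then handed to a function taking const char *. run_query is a hypothetical stand-in for mysql_query, the sample inputs are constructed, and parameter binding as recommended above remains the way to pass user input to a query.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for mysql_query(con, q); only its const char * parameter matters. */
static size_t run_query(const char *q) { return strlen(q); }

/* Accept id_text only if the whole string is one decimal integer. */
static int parse_id(const char *id_text, long *out)
{
    char *end;
    if (id_text == NULL || *id_text == '\0') return -1;
    errno = 0;
    long v = strtol(id_text, &end, 10);
    if (errno == ERANGE || end == id_text || *end != '\0') return -1;
    *out = v;
    return 0;
}

/* Build the query in buf. Returns 0 on success, -1 on a bad id or truncation. */
static int build_id_query(char *buf, size_t cap, const char *id_text)
{
    long id;
    if (parse_id(id_text, &id) != 0) return -1;
    /* The text comes from the parsed long, never from the caller's string. */
    int n = snprintf(buf, cap, "SELECT idnum FROM idTbl WHERE idCol = %ld", id);
    if (n < 0 || (size_t)n >= cap) return -1;   /* did not fit in buf */
    return 0;
}

int main(void)
{
    char sqlbuff[4096];
    const char *samples[] = { "1300", "1300 OR 1=1", "" };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_id_query(sqlbuff, sizeof sqlbuff, samples[i]) == 0) {
            const char *sqlquery = sqlbuff;   /* char[] -> char * -> const char * */
            printf("ok:       %s (%zu bytes)\n", sqlquery, run_query(sqlbuff));
        } else {
            printf("rejected: \"%s\"\n", samples[i]);
        }
    }
    return 0;
}
```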
Reputation: 180171
I need to make a const char* from that char[]
From your code sample, it seems that what you mean is that you want a const char * that points to the contents of your char[]. That's devastatingly easy:
sqlquery = sqlbuff;
This is because values of array type are automatically converted to pointers in almost all expression contexts, and because it is allowed to assign a value of non-const type to a variable of the corresponding const-qualified type.
Moreover, for what you show, you don't even need the variable. You can just specify the identifier of the array as the argument to mysql_query. The same automatic conversion from array to pointer applies here, and you can reasonably interpret the const qualifier in the type of its second argument as a promise that that function will not try to modify the pointed-to data:
mysql_query(con, sqlbuff);
On the other hand, your attempt,
sqlquery = &sqlbuff; // wrong
, generates a pointer of the wrong type. &sqlbuff is a pointer to an array, whereas sqlquery is declared to be a pointer to a char. A pointer to the first char of a char[] will point to the same place as a pointer to the whole array, but the two have different types.
Upvotes: 2