Reputation: 395
I was wondering if it is possible to build a string with the following code
char query[512];
char *insert = "insert into tableName values("%s, "%s");"
strcpy(query, insert);
method("max", "1234"); //function which adds values inro %s
My questions, how can I add another char array into in place of %s if it is possible? Thanks beforehand.
Upvotes: 1
Views: 573
Reputation: 558
use sprintf() so that you can replace the %s with char array https://linux.die.net/man/3/sprintf
char query[512];
char *insert = "insert into tableName values(\'%s\',\'%s\');";
sprintf(query, insert, "max","234");
printf("%s",query);
This is actually a bad approach. This will introduce SQL Injection vulnerabilities.
Upvotes: 2