Solved

std::string concat

Posted on 2002-07-29
11
853 Views
Last Modified: 2013-12-14
When working with the std::string library, is there any way to concantate several string and/or char* objects into one.  For example, I want to create an SQL statement.  Is there a better way than:

std::string sql;

sql = "SELECT * FROM USERS WHERE USERNAME='";
sql += userName;
sql += "' AND PASSWORD='";
sql += password;
sql += "'";
0
Comment
Question by:dirtdart
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
ID: 7186390
You could use a 'std::stringstream':

#include <sstream>

std::stringstream ss;
std::string sql;

ss << "SELECT * FROM USERS WHERE USERNAME='" << userName << "' AND PASSWORD='" << password << "'";

sql = ss.str();


0
 
LVL 30

Expert Comment

by:Axter
ID: 7186498
Anther method:

sql = std::string("SELECT * FROM USERS WHERE USERNAME='") + std::string(userName) + std::string("' AND PASSWORD='") + std::string(password) + std::string("'");

0
 
LVL 10

Expert Comment

by:oleber
ID: 7187592
After having allot of problems like that I did a child class like. Gives some work at beginning but you will be winning time in the end.

//  header file
SuperString: public std::string
{
public:
  static const int MAX_BUFFER_SIZE;
  SuperString Format(const char* format, ...);
  ...
}

// source file
const int SuperString::MAX_BUFFER_SIZE = 1024;
SuperString::Format(const char* format, ...)
{
  va_list ap;
  va_start(ap, format);
  char strBuffer[MAX_BUFFER_SIZE];
  vsprintf(strBuffer, format, ap);
  va_end(ap);
  return strBuffer;
}

// use file
SuperString sql = SuperString.Format("SELECT * FROM USERS WHERE USERNAME='%s' AND PASSWORD='%s', userName.c_str(), password.c_str());
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 8

Expert Comment

by:fl0yd
ID: 7187613
oleber,
    the idea is good and so is the intention. The result, however, is bad. vsprintf is potentially unsafe -- it can be used to break into an otherwise safe system through a stack overflow. Neither std::string nor std::stringstream suffer from this negative effect. Personally, I'd suggest jkr's approach for two reasons: it's safe and it's clean.
0
 
LVL 10

Expert Comment

by:oleber
ID: 7187634
Sure there can be a problem, thats why I have a MAX_BUFFER_SIZE constant. If you sink that 1024 is to small you can set a bigger value.



talking about safty.

DIRTDART are you having care with the values caming for the variables login and password.

let's think about having userName="'; DELETE USERS; SELECT * FROM USERS WHERE USERNAME='" you are not the first to have that problem. I'm not saying that you have that problem.

0
 
LVL 8

Expert Comment

by:fl0yd
ID: 7187672
oleber,
    setting the max buffer size to a value isn't going to prevent vsprintf to write over the boundary. You could use vsnprintf, but that's not a standard function :(
0
 
LVL 5

Author Comment

by:dirtdart
ID: 7187794
oleber:  I have toyed with the idea of creating a string class like you show, but although the idea is good, overall it somewhat defeats some of my purposes.  Mainly, attempting to stay away from character arrays wherever possible.  After the snafus with Microsoft code over the past year or so, the idea of buffer overflow is at the forefront of my mind.  As to the issue of rogue SQL, yes I am aware of it and need to determine the best route to deal with it.  In this case, I don't think it will matter because if I ended up with "SELECT * FROM DELETE USERS..." it wouldn't give anything but an error.

Although Axter and jkr both had good, workable solutions, I believe asthetically I like jkr's better.  All thoses casts just make the code harder to read.

Thanks everyone for your suggestions.
0
 
LVL 4

Expert Comment

by:IainHere
ID: 7190103
FYI they aren't casts in Axter's method, they're constructors.  So you're concatenating a load of temporary strings.
0
 
LVL 5

Author Comment

by:dirtdart
ID: 7190337
Ok, I can see that.  I just wasn't taking enough time to look at it.  Wouldn't that take a lot of extra time/memory to construct each of those temp strings, combine them all together and then destroy them?
0
 
LVL 30

Expert Comment

by:Axter
ID: 7190866
>>Ok, I can see that.  I just wasn't taking enough time to
>>look at it.  Wouldn't that take a lot of extra
>>time/memory to construct each of those temp strings,
>>combine them all together and then destroy them?

Depends what you're comparing it to.
It doesn't take that much time if you compare it to the stringstream method.
In most implementations, the temp string method will out perform the stringstream method.
0
 
LVL 5

Author Comment

by:dirtdart
ID: 7190876
hmmm.  Seems like everything about C++ and STL works exactly backward to the way it looks like it should.  I need a book, or two, or three about this.  I've probably got my code so screwed up by now that it will never perform.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is C++ STL?: STL stands for Standard Template Library and is a part of standard C++ libraries. It contains many useful data structures (containers) and algorithms, which can spare you a lot of the time. Today we will look at the STL Vector. …
  Included as part of the C++ Standard Template Library (STL) is a collection of generic containers. Each of these containers serves a different purpose and has different pros and cons. It is often difficult to decide which container to use and …
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question