Solved

std::string concat

Posted on 2002-07-29
Last Modified: 2013-12-14
When working with the std::string library, is there any way to concatenate several strings and/or char* objects into one?  For example, I want to create an SQL statement.  Is there a better way than:

std::string sql;

sql = "SELECT * FROM USERS WHERE USERNAME='";
sql += userName;
sql += "' AND PASSWORD='";
sql += password;
sql += "'";
0
Question by:dirtdart
11 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 400 total points
ID: 7186390
You could use a 'std::stringstream':

#include <sstream>

std::stringstream ss;
std::string sql;

ss << "SELECT * FROM USERS WHERE USERNAME='" << userName << "' AND PASSWORD='" << password << "'";

sql = ss.str();


0
 
LVL 30

Expert Comment

by:Axter
ID: 7186498
Another method:

sql = std::string("SELECT * FROM USERS WHERE USERNAME='") + std::string(userName) + std::string("' AND PASSWORD='") + std::string(password) + std::string("'");

0
 
LVL 10

Expert Comment

by:oleber
ID: 7187592
After having a lot of problems like that, I made a child class like this. It gives some work at the beginning, but you will be winning time in the end.

//  header file
#include <string>

class SuperString : public std::string
{
public:
  static const int MAX_BUFFER_SIZE;
  SuperString(const char* s) : std::string(s) {}  // needed for "return strBuffer"
  static SuperString Format(const char* format, ...);
  // ...
};

// source file
#include <cstdarg>
#include <cstdio>

const int SuperString::MAX_BUFFER_SIZE = 1024;
SuperString SuperString::Format(const char* format, ...)
{
  va_list ap;
  va_start(ap, format);
  char strBuffer[MAX_BUFFER_SIZE];
  vsprintf(strBuffer, format, ap);  // formats into the fixed-size buffer; no length limit is passed
  va_end(ap);
  return strBuffer;
}

// use file
SuperString sql = SuperString::Format("SELECT * FROM USERS WHERE USERNAME='%s' AND PASSWORD='%s'", userName.c_str(), password.c_str());
0

 
LVL 8

Expert Comment

by:fl0yd
ID: 7187613
oleber,
    the idea is good and so is the intention. The result, however, is bad. vsprintf is potentially unsafe -- it can be used to break into an otherwise safe system through a stack overflow. Neither std::string nor std::stringstream suffer from this negative effect. Personally, I'd suggest jkr's approach for two reasons: it's safe and it's clean.
0
 
LVL 10

Expert Comment

by:oleber
ID: 7187634
Sure there can be a problem, that's why I have a MAX_BUFFER_SIZE constant. If you think that 1024 is too small you can set a bigger value.

Talking about safety.

DIRTDART, are you taking care with the values coming from the variables login and password?

Let's think about having userName="'; DELETE USERS; SELECT * FROM USERS WHERE USERNAME='". You are not the first to have that problem. I'm not saying that you have that problem.

0
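An added example, not part of the original thread: it builds the query the way the question does, feeds it the userName value quoted in the comment above, and counts how many statements the resulting text contains before and after quote-doubling. The helper names (build_concat, escape_literal, count_statements) and the password value are hypothetical.

```cpp
#include <string>

// The query built the way the thread builds it: values pasted between quotes.
std::string build_concat(const std::string& user, const std::string& pass)
{
    return "SELECT * FROM USERS WHERE USERNAME='" + user +
           "' AND PASSWORD='" + pass + "'";
}

// Standard SQL literal escaping: each ' inside the value becomes ''.
std::string escape_literal(const std::string& value)
{
    std::string out;
    for (char c : value) {
        out += c;
        if (c == '\'') out += '\'';
    }
    return out;
}

// Count statements in sql: semicolons outside string literals separate them.
// A '' pair inside a literal is an escaped quote, not the end of the literal.
int count_statements(const std::string& sql)
{
    int count = 0;
    bool inLiteral = false, sawText = false;
    for (std::size_t i = 0; i < sql.size(); ++i) {
        const char c = sql[i];
        if (inLiteral) {
            if (c == '\'') {
                if (i + 1 < sql.size() && sql[i + 1] == '\'') ++i;  // escaped quote
                else inLiteral = false;                             // literal ends
            }
        } else if (c == '\'') {
            inLiteral = true; sawText = true;
        } else if (c == ';') {
            if (sawText) ++count;
            sawText = false;
        } else if (c != ' ') {
            sawText = true;
        }
    }
    return count + (sawText ? 1 : 0);
}

// The userName value quoted in the comment above; the password is constructed.
const std::string kUser = "'; DELETE USERS; SELECT * FROM USERS WHERE USERNAME='";
const std::string kPass = "x";
```

Quote-doubling rules differ between database dialects, so passing the values as bound parameters through the database API, which keeps them out of the statement text entirely, is the more robust fix.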
 
LVL 8

Expert Comment

by:fl0yd
ID: 7187672
oleber,
    setting the max buffer size to a value isn't going to prevent vsprintf from writing over the boundary. You could use vsnprintf, but that's not a standard function :(
0
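An added example, not code from the thread: a printf-style formatter that sizes its buffer from the output length instead of a fixed MAX_BUFFER_SIZE, so a long value cannot run past the end. It assumes a C++11 compiler, where std::vsnprintf is part of the standard library; the names format_string and long_value_demo are hypothetical. It only addresses the buffer size and does nothing about quote characters inside the values.

```cpp
#include <cstdarg>
#include <cstdio>
#include <stdexcept>
#include <string>

// Hypothetical helper (not from the thread): printf-style formatting into a
// std::string with no fixed-size stack buffer.
std::string format_string(const char* format, ...)
{
    va_list ap;
    va_start(ap, format);

    // First pass: a null buffer of size 0 writes nothing and returns the
    // length the full output would need (excluding the terminator).
    va_list ap_measure;
    va_copy(ap_measure, ap);
    const int needed = std::vsnprintf(nullptr, 0, format, ap_measure);
    va_end(ap_measure);

    if (needed < 0) {
        va_end(ap);
        throw std::runtime_error("formatting error");
    }

    // Second pass: the buffer is sized from the measured length, and the
    // size argument still caps how much vsnprintf may write.
    std::string out(static_cast<std::size_t>(needed) + 1, '\0');
    std::vsnprintf(&out[0], out.size(), format, ap);
    va_end(ap);

    out.resize(static_cast<std::size_t>(needed));  // drop the terminator
    return out;
}

// Constructed input: a value longer than the 1024-byte buffer used in the thread.
std::string long_value_demo()
{
    const std::string longName(5000, 'A');
    return format_string("USERNAME='%s'", longName.c_str());
}
```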
 
LVL 5

Author Comment

by:dirtdart
ID: 7187794
oleber:  I have toyed with the idea of creating a string class like you show, but although the idea is good, overall it somewhat defeats some of my purposes.  Mainly, attempting to stay away from character arrays wherever possible.  After the snafus with Microsoft code over the past year or so, the idea of buffer overflow is at the forefront of my mind.  As to the issue of rogue SQL, yes I am aware of it and need to determine the best route to deal with it.  In this case, I don't think it will matter because if I ended up with "SELECT * FROM DELETE USERS..." it wouldn't give anything but an error.

Although Axter and jkr both had good, workable solutions, I believe aesthetically I like jkr's better.  All those casts just make the code harder to read.

Thanks everyone for your suggestions.
0
 
LVL 4

Expert Comment

by:IainHere
ID: 7190103
FYI they aren't casts in Axter's method, they're constructors.  So you're concatenating a load of temporary strings.
0
 
LVL 5

Author Comment

by:dirtdart
ID: 7190337
Ok, I can see that.  I just wasn't taking enough time to look at it.  Wouldn't that take a lot of extra time/memory to construct each of those temp strings, combine them all together and then destroy them?
0
 
LVL 30

Expert Comment

by:Axter
ID: 7190866
>>Ok, I can see that.  I just wasn't taking enough time to
>>look at it.  Wouldn't that take a lot of extra
>>time/memory to construct each of those temp strings,
>>combine them all together and then destroy them?

Depends what you're comparing it to.
It doesn't take that much time if you compare it to the stringstream method.
In most implementations, the temp string method will outperform the stringstream method.
0
 
LVL 5

Author Comment

by:dirtdart
ID: 7190876
hmmm.  Seems like everything about C++ and STL works exactly backward to the way it looks like it should.  I need a book, or two, or three about this.  I've probably got my code so screwed up by now that it will never perform.
0
