Solved

std::string concat

Posted on 2002-07-29
Last Modified: 2013-12-14
When working with the std::string library, is there any way to concatenate several strings and/or char* objects into one?  For example, I want to create an SQL statement.  Is there a better way than:

std::string sql;

sql = "SELECT * FROM USERS WHERE USERNAME='";
sql += userName;
sql += "' AND PASSWORD='";
sql += password;
sql += "'";
0
Question by:dirtdart
11 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 400 total points
ID: 7186390
You could use a 'std::stringstream':

#include <sstream>

std::stringstream ss;
std::string sql;

ss << "SELECT * FROM USERS WHERE USERNAME='" << userName << "' AND PASSWORD='" << password << "'";

sql = ss.str();


0
 
LVL 30

Expert Comment

by:Axter
ID: 7186498
Another method:

sql = std::string("SELECT * FROM USERS WHERE USERNAME='") + std::string(userName) + std::string("' AND PASSWORD='") + std::string(password) + std::string("'");

0
 
LVL 10

Expert Comment

by:oleber
ID: 7187592
After having a lot of problems like that, I made a child class like this. It takes some work at the beginning, but you will save time in the end.

//  header file
#include <string>

class SuperString: public std::string
{
public:
  static const int MAX_BUFFER_SIZE;
  // static, so it can be called without an existing object
  static SuperString Format(const char* format, ...);
  ...
};

// source file
#include <cstdarg>
#include <cstdio>

const int SuperString::MAX_BUFFER_SIZE = 1024;
SuperString SuperString::Format(const char* format, ...)
{
  va_list ap;
  va_start(ap, format);
  // formats into a fixed-size buffer on the stack
  char strBuffer[MAX_BUFFER_SIZE];
  vsprintf(strBuffer, format, ap);
  va_end(ap);
  // needs a SuperString(const char*) constructor among the elided members
  return strBuffer;
}

// use file
SuperString sql = SuperString::Format("SELECT * FROM USERS WHERE USERNAME='%s' AND PASSWORD='%s'", userName.c_str(), password.c_str());
0
 
LVL 8

Expert Comment

by:fl0yd
ID: 7187613
oleber,
    the idea is good and so is the intention. The result, however, is bad. vsprintf is potentially unsafe -- it can be used to break into an otherwise safe system through a stack overflow. Neither std::string nor std::stringstream suffers from this negative effect. Personally, I'd suggest jkr's approach for two reasons: it's safe and it's clean.
0
 
LVL 10

Expert Comment

by:oleber
ID: 7187634
Sure there can be a problem, that's why I have a MAX_BUFFER_SIZE constant. If you think that 1024 is too small you can set a bigger value.

Talking about safety.

dirtdart, are you taking care with the values coming in for the variables login and password?

Let's think about having userName="'; DELETE USERS; SELECT * FROM USERS WHERE USERNAME='". You are not the first to have that problem. I'm not saying that you have that problem.

0
 
LVL 8

Expert Comment

by:fl0yd
ID: 7187672
oleber,
    setting the max buffer size to a value isn't going to prevent vsprintf from writing over the boundary. You could use vsnprintf, but that's not a standard function :(
0
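The bounded alternative discussed in the two comments above, as an added example that is not code from any participant in the thread: vsnprintf has since become part of C99 and C++11, and calling it twice (once to measure, once to write) removes the fixed 1024-byte stack buffer entirely. The names format_string and demo_long_input are hypothetical, and the long user name is constructed input.

```cpp
#include <cstdarg>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical helper (not from the thread): printf-style formatting into a
// std::string without a fixed-size stack buffer.
std::string format_string(const char* format, ...)
{
    va_list ap;
    va_start(ap, format);
    va_list ap_copy;
    va_copy(ap_copy, ap);                 // the measuring pass consumes ap

    // Pass 1: with a null buffer and size 0, vsnprintf writes nothing and
    // returns the number of characters the complete output needs.
    const int needed = std::vsnprintf(nullptr, 0, format, ap);
    va_end(ap);
    if (needed < 0) {                     // formatting error
        va_end(ap_copy);
        return std::string();
    }

    // Pass 2: the buffer is sized from the measured length, and vsnprintf
    // never writes more than buffer.size() bytes, terminator included.
    std::vector<char> buffer(static_cast<std::size_t>(needed) + 1);
    std::vsnprintf(buffer.data(), buffer.size(), format, ap_copy);
    va_end(ap_copy);
    return std::string(buffer.data(), static_cast<std::size_t>(needed));
}

// Constructed input: a user name far longer than a 1024-byte buffer.
std::string demo_long_input()
{
    const std::string userName(5000, 'A');
    return format_string("USERNAME='%s'", userName.c_str());
}

int main()
{
    std::printf("formatted length: %zu\n", demo_long_input().size());
    return 0;
}
```

This bounds the write only; it does nothing about quote characters inside the formatted values.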
 
LVL 5

Author Comment

by:dirtdart
ID: 7187794
oleber:  I have toyed with the idea of creating a string class like you show, but although the idea is good, overall it somewhat defeats some of my purposes.  Mainly, attempting to stay away from character arrays wherever possible.  After the snafus with Microsoft code over the past year or so, the idea of buffer overflow is at the forefront of my mind.  As to the issue of rogue SQL, yes I am aware of it and need to determine the best route to deal with it.  In this case, I don't think it will matter because if I ended up with "SELECT * FROM DELETE USERS..." it wouldn't give anything but an error.

Although Axter and jkr both had good, workable solutions, I believe aesthetically I like jkr's better.  All those casts just make the code harder to read.

Thanks everyone for your suggestions.
0
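An added example (not code from the thread) for the rogue-SQL exchange above: it builds the statement with the question's concatenation using the userName value oleber quoted, then counts the statements the result contains, next to a version that quotes each value as a literal. The helper names are hypothetical, and the quoting assumes standard SQL literals where a doubled quote is the only escape; bound parameters in the database API are the usual fix and are left out only so the block runs with the standard library alone.

```cpp
#include <cstddef>
#include <string>

// The user name value quoted in the thread.
const std::string kThreadUserName =
    "'; DELETE USERS; SELECT * FROM USERS WHERE USERNAME='";

// Concatenation as posted in the question (behaviour unchanged).
std::string build_concat(const std::string& userName, const std::string& password)
{
    return "SELECT * FROM USERS WHERE USERNAME='" + userName +
           "' AND PASSWORD='" + password + "'";
}

// Hypothetical helper: wrap a value as a standard SQL string literal,
// doubling every embedded single quote so it cannot close the literal.
std::string quote_literal(const std::string& value)
{
    std::string out = "'";
    for (char c : value) {
        if (c == '\'') out += '\'';
        out += c;
    }
    return out + "'";
}

std::string build_quoted(const std::string& userName, const std::string& password)
{
    return "SELECT * FROM USERS WHERE USERNAME=" + quote_literal(userName) +
           " AND PASSWORD=" + quote_literal(password);
}

// Count statements by counting ';' separators that lie outside literals.
std::size_t count_statements(const std::string& sql)
{
    bool in_literal = false;
    std::size_t statements = 1;
    for (std::size_t i = 0; i < sql.size(); ++i) {
        if (sql[i] == '\'') {
            if (in_literal && i + 1 < sql.size() && sql[i + 1] == '\'')
                ++i;                      // '' inside a literal is one quote
            else
                in_literal = !in_literal;
        } else if (sql[i] == ';' && !in_literal) {
            ++statements;
        }
    }
    return statements;
}
```

With the thread's value, the concatenated text holds three separate statements, while the quoted version stays a single SELECT whose user name is the whole string.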
 
LVL 4

Expert Comment

by:IainHere
ID: 7190103
FYI they aren't casts in Axter's method, they're constructors.  So you're concatenating a load of temporary strings.
0
 
LVL 5

Author Comment

by:dirtdart
ID: 7190337
Ok, I can see that.  I just wasn't taking enough time to look at it.  Wouldn't that take a lot of extra time/memory to construct each of those temp strings, combine them all together and then destroy them?
0
 
LVL 30

Expert Comment

by:Axter
ID: 7190866
>>Ok, I can see that.  I just wasn't taking enough time to
>>look at it.  Wouldn't that take a lot of extra
>>time/memory to construct each of those temp strings,
>>combine them all together and then destroy them?

Depends what you're comparing it to.
It doesn't take that much time if you compare it to the stringstream method.
In most implementations, the temp string method will outperform the stringstream method.
0
 
LVL 5

Author Comment

by:dirtdart
ID: 7190876
hmmm.  Seems like everything about C++ and STL works exactly backward to the way it looks like it should.  I need a book, or two, or three about this.  I've probably got my code so screwed up by now that it will never perform.
0
