从Printf()传递值 [英] Passing A Value From Printf()

问题描述

我有一个可以在屏幕上正常显示的IP地址.我需要获取它的值并将其包含在SQL语句中，我该怎么做?

I have an IP address that displays on screen fine. I need to grab the value of that and include it in a SQL statement how would I do that?

// Checks the protocol IP is encapsulating
     memset( ipSrc, 0x00, sizeof(ipSrc) );
     memset( ipDest, 0x00, sizeof(ipDest) );
     translate_ip(ip_header->source_ip, ipSrc);
     translate_ip(ip_header->destination_ip, ipDest);
     char ipSrc[20]
     // Read http://www.ietf.org/rfc/rfc1700.txt?number=1700
     if ( bShowTCP )
       {
       printf("\n -------------------- // -------------------- ");
       printf("\n TCP Header:");

       int *addressValue = new int();
       char *address = LIP;
       inet_pton(AF_INET, address, addressValue);
         if (ip_header->source_ip == *addressValue)
         {
         printf("\n   Source      IP: %s", "0.0.0.0");
         printf("\n   Destination IP: %s", ipDest);
         }
         else
         {
         printf("\n   Source      IP: %s", ipSrc);
         printf("\n   Destination IP: %s", ipDest);
         (mysql_real_connect(conn,"urlock.db.5513143.hostedresource.com","urlock","Admin1234","urlock",0,NULL,0) !=0);
         (mysql_query(conn,"SELECT COUNT(*) FROM tblURLIP WHERE IP = 'ipSrc' And IPStatus = '1' And IPMax = '0'"));
         my_ulonglong i = 0;
         res_set = mysql_store_result(conn);
         my_ulonglong numrows = mysql_num_rows(res_set);
         LEGIT = mysql_fetch_row(res_set);

推荐答案

不要假设您来自php吗?

Don''t suppose you''re comming from php?

char quaeryString[1024];

sprintf(queryString, "SELECT COUNT(*) FROM tblURLIP WHERE IP = ''%s'' AND IPStatus = ''1'' AND IPMax = ''0''", ipSrc);

...
...
...

mysql_query(conn, queryString);

....
....

:咧嘴:-我只是问，因为代码看起来很像php代码，可以完成同一任务..

好吧，C ++只是C的一个超集-也就是说，如果它在C中，那么它在C ++中(大体上)

假设您使用printf(C)而不是cout(C ++)进行输出，那么我假设该解决方案是可以接受的.老实说，如果不使用任何sprintf，我不知道如何立即执行此操作.我想这(或类似的东西)可以解决问题:

:grins: - I just ask because the code looks very much like php code for the same task..

Well, C++ is simply a superset of C - that is to say if it''s in C, it''s in C++ (by and large)

Given that you''re using printf(C) rather cout(C++) for output, I''d assumed that the solution would be acceptable. To be honest, I don''t know off-hand how to do this without using any sprintf. I would suppose that this (or something quite similar) would do the trick:

string queryString;

queryString = "SELECT COUNT(*) FROM tblURLIP WHERE IP = ''";
queryString += ipSrc;
queryString += "'' AND IPStatus = ''1'' AND IPMax = ''0''"

mysql_query(conn, queryStr.c_str());

除非将MYSQL函数包装在一个类中，否则它们实际上也是C函数(请注意，我必须让字符串类为我提供一个我可以提供给mysql_query函数的C样式字符串). > 还考虑到mysql函数需要C样式的字符串，在将C样式的字符串转换为C ++字符串对象之前，转换回ac样式的字符串，准备好手动输入mysl_query，这似乎是可耻的浪费-所有这些都是为了使您可以在查询字符串中插入包含IP地址的字符串.

您可以在一行中将多个字符串一起添加以创建C ++字符串
这行不通

Unless the MYSQL functions have been wrapped up inside a class, they''re also actually C functions (note that I have to ask the string class to give me a C-style string that I can give to the mysql_query function)
Given also that the mysql functions want a C style string, it seems a shameful waste to convert C style strings to a C++ string object, before converting back to a c style string, ready to be hand-balled off to mysl_query - all simply so that you can insert the string containing the IP address into your query string.

You can''d add multiple strings together in a single line to create a C++ string
This won''t work

string myString;
char *myName = "enhzflep"
myString = "Hello " + myName + " welcome to World";

C ++功能等效项为:

The C++ functional equivalent would be:

string myString;
char *myName = "enhzflep";
myString = "Hello ";
myString += myName;
myString += " welcome to World";

在C语言中，使用sprintf可以在一次扫描中完成此字符串连接.

While in C, using sprintf this string concatenation CAN be done in a single-swoop.

char *myName = "enhzflep";
const int bufferSize = 1024;
char myString[bufferSize];
sprintf(myString, "Hello %s welcome to World", myName);

但是，您会注意到(a)我必须管理用于queryString的内存，并且(b)我的代码不检查所计算的字符串是否实际上适合我为此允许的1024字节缓冲区.

C ++字符串自动管理它们自己的内存，因此您不会遇到这种危险-尽管仍然需要严格检查是否首先检查了插入SQL语句的用户输入文本的有效性.


在ID Software的一款老游戏中可以找到缓冲区溢出的一个典型示例.在地震中，有一些代码检查可用的图形卡扩展.当时，对于约翰·卡马克(John Carmack)来说，谨慎的做法是使用1024字节缓冲区来存储所有这些扩展名.随着时间的推移，支持的扩展数量也增加了(现在有几百个，通常使用10-15字节长的名称)，显然，有一段时间所有的名称都不再适合此1024字节的缓冲区.
这才是真正的关键:您想知道解决方案是什么(因为那时的解决方案不再是全新的，而且早在基于Internet的游戏更新时代之前)

如果代码正在运行glGetSupportedExtensions(或确切的函数名称，我忘了)，请检查(显卡)图形驱动程序的编写者是否接受过地震.如果是这样，它们返回了一个截断的字符串-图形驱动程序内部的黑客行为，以允许已经发布的产品出现笨拙的错误！

However, you will note that (a) I have to manage the memory used for the queryString and that (b) my code makes no check that the computed string will in fact fit into the 1024 byte buffer I''ve allowed for this.

C++ strings automatically manage their own memory, so you wont run into this kind of danger - though one does still need to rigorous in checking that any user-entered text that gets inserted into an SQL statement is first checked for validity.


A prime example of buffer overrun may be found in one of ID Software''s old games. In quake, there is some code that checks for the available graphics card etensions. At the time, 1024 byte buffer to store the name of all of these extensions seemed prudent to John Carmack. With time the number of extension supported grew (There are now several hundred, often with 10-15 byte long names), obviously, there came a time when all of the names would no longer fit into this 1024 byte buffer.
Here''s the real kicker: You wanna know what the fix was (for what was by then no longer brand-new, and long before the days of internet-based game-updates)

THE WRITERS OF (video-card) GRAPHICS DRIVERS CHECKED TO SEE IF THE CODE RUNNING THE glGetSupportedExtensions (or whatever the exact function name is, I forget) WAS QUAKE. IF SO, THEY RETURNED A TRUNCATED STRING - A hack inside of graphics drivers to allow for a clumsy mistake in an already released product!!

这篇关于从Printf()传递值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！