sprintf segfaults

Robert Mens

Alright, here's my code:

int mysql_user_login(char * username, char * password)
{
    MYSQL_RES *res_set;
    char * sql_query;
    sprintf(&sql_query, "SELECT * FROM users WHERE username=%s AND password=%s", username, password);
    if(mysql_query (conn, sql_query) != 0 )
    {
        print_error (conn, "mysql_query() failed");
        return 1;
    }else{
        return 0;
    }
}

Why does it segfault?

btw my compiler says:
mysql.c:63: warning: passing arg 1 of `sprintf' from incompatible pointer type

Thanks in advance,

Robert

Christopher Benson-Manica

Robert Mens said:
char * sql_query;
sprintf(&sql_query, "SELECT * FROM users WHERE username=%s AND
Why does it segfault?

Because you declared sql_query as a character pointer, and then failed to
allocate any space for it to point at. Either use a static character array
(quite possibly what you want) or look at malloc().
btw my compiler says:
mysql.c:63: warning: passing arg 1 of `sprintf' from incompatible pointer type

Look at the prototype for sprintf, and then think about what the type of
&sql_query is. It does not fit the prototype - this will cause a segfault all
by itself, even after you fix your first problem above.

j

Christopher Benson-Manica said:
Because you declared sql_query as a character pointer, and then failed to
allocate any space for it to point at. Either use a static character array
(quite possibly what you want) or look at malloc().

If the length of what user and password point to is unknown, and since the
OP is using sprintf, then he should go with a dynamic buffer.

To OP: (although off-topic for this newsgroup)
Check your MySQL API documentation for ``mysql_real_escape_string''.
Assuming that you haven't escaped the contents to which username and
password point, you would want to, to prevent SQL injection.

Kelsey Bjarnason

Alright, here's my code:

int mysql_user_login(char * username, char * password)
{
    MYSQL_RES *res_set;
    char * sql_query;
    sprintf(&sql_query, "SELECT * FROM users WHERE username=%s AND password=%s", username, password);
    if(mysql_query (conn, sql_query) != 0 )
    {
        print_error (conn, "mysql_query() failed");
        return 1;
    }else{
        return 0;
    }
}

Why does it segfault?

btw my compiler says:
mysql.c:63: warning: passing arg 1 of `sprintf' from incompatible pointer type

This should be a big hint. What type does sprintf want for its first
parameter? A pointer-to-char, right? But you're passing a pointer to
pointer to char: a char **. Lose the &.

However... that's just problem 1. Problem 2 is, sql_query doesn't
actually point at any memory to store the printed buffer in, so the print
is writing God knows where, with bad results. Allocate some memory, use a
static buffer of appropriate size, whatever. If you do allocate it on the
fly, remember to free it as needed as well.
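An added example, not Robert's code or anything posted in the thread, showing the two fixes the replies describe: build the query into memory that actually exists, either a buffer sized on the fly with snprintf() or a fixed array with truncation checked. The format string is an assumption (quoted SQL literals); the mysql_query() call and the escaping step j mentions are left to the caller.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed format: the values are meant to be quoted SQL string literals.
 * Neither builder escapes anything; the caller must still run the values
 * through mysql_real_escape_string() (as suggested in the thread) or, better,
 * bind them as parameters of a prepared statement before executing. */
#define LOGIN_FMT "SELECT * FROM users WHERE username='%s' AND password='%s'"

/* Option 1: dynamic buffer. Returns a malloc'd string that the caller must
 * free(), or NULL on bad input or allocation failure. */
char *build_login_query(const char *username, const char *password)
{
    if (username == NULL || password == NULL)
        return NULL;                          /* %s with NULL is undefined */

    int needed = snprintf(NULL, 0, LOGIN_FMT, username, password);
    if (needed < 0)
        return NULL;

    char *sql = malloc((size_t)needed + 1);   /* +1 for the terminator */
    if (sql == NULL)
        return NULL;

    snprintf(sql, (size_t)needed + 1, LOGIN_FMT, username, password);
    return sql;
}

/* Option 2: caller-supplied fixed buffer. Returns the number of bytes written,
 * or -1 if the inputs would not fit. A truncated query must never reach
 * mysql_query(), so the buffer is emptied on failure. */
int build_login_query_fixed(char *buf, size_t cap,
                            const char *username, const char *password)
{
    if (buf == NULL || cap == 0 || username == NULL || password == NULL)
        return -1;

    int n = snprintf(buf, cap, LOGIN_FMT, username, password);
    if (n < 0 || (size_t)n >= cap) {
        buf[0] = '\0';                        /* don't leave a partial query */
        return -1;
    }
    return n;
}
```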