LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 04-08-2008, 06:53 AM   #1
shifter
Member
 
Registered: May 2006
Distribution: Slackware, DragonFly
Posts: 233

Rep: Reputation: 30
passing parameters in string in C


How can I to pass parameters in string in C language?

For example:

char* name;
char* class;
char* instance;

...
...

sql = "create table modulo(id, nome, classe, istanza);";

I would like to pass nome, class and istanza as parameters

Thanks in advance for helping
 
Old 04-08-2008, 08:09 AM   #2
ta0kira
Senior Member
 
Registered: Sep 2004
Distribution: FreeBSD 9.1, Kubuntu 12.10
Posts: 3,078

Rep: Reputation: Disabled
Where does the actual data come from? Are name, etc. fixed values that will be a permanent part of the program, or will they come from the user, command line, file, etc. at run time?
ta0kira
 
Old 04-08-2008, 09:25 AM   #3
shifter
Member
 
Registered: May 2006
Distribution: Slackware, DragonFly
Posts: 233

Original Poster
Rep: Reputation: 30
I'd like string where I insert parameters passed from command line.
In this way, I make sql command.

For example:

./myprogram modulo name class instance

and into myprogram to build

sql = "create table modulo(id, name, class, instance);";

Like below in shell scripiting:

echo 'create table $mod(id, $n, $c, $i)'

I'd like a string with 'formal parameter', also if this is not exactly right.
 
Old 04-08-2008, 10:38 AM   #4
prad77
Member
 
Registered: Mar 2008
Posts: 101

Rep: Reputation: 15
In order to access the command words, the main() function must have a prototype similar to the following.
int main(int argc, char * argv[])

The names argc and argv are usually used for the parameters, but a programmer could use different names.
The command words can be accessed as argv[0] through argv[argc - 1]. The program name is the first word on the command line, which is argv[0]. The command-line arguments are argv[1] through argv[argc - 1].

For example
myecho aaa bbb ccc

When this command is executed, the command interpreter calls the main() function of the myecho program with 4 passed as the argc argument and an array of 4 strings as the argv argument. argc contains the following strings.
argv[0] - "myecho"
argv[1] - "aaa"
argv[2] - "bbb"
argv[3] - "ccc"

http://www.d.umn.edu/~gshute/C/argv.html

Gentoo

Last edited by prad77; 04-17-2008 at 04:43 AM.
 
Old 04-10-2008, 02:12 PM   #5
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,397
Blog Entries: 2

Rep: Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908Reputation: 908
I think shifter means that he would like to compose his query string from variables, rather than have them hardcoded into literal strings. He can use sprintf() to print to a character array (string), or use a sequence of strcat() calls to iteratively compose the string.
Code:
    sprintf( sql, "create table modulo(id, %s, %s, %s);", nome, classe, istanza );
Is this close to what you are looking for, shifter?
--- rod.
 
Old 04-10-2008, 04:07 PM   #6
ta0kira
Senior Member
 
Registered: Sep 2004
Distribution: FreeBSD 9.1, Kubuntu 12.10
Posts: 3,078

Rep: Reputation: Disabled
If you use that method, use snprintf instead of sprintf to avoid buffer overflow.
ta0kira
 
Old 04-11-2008, 09:27 AM   #7
orgcandman
Member
 
Registered: May 2002
Location: dracut MA
Distribution: Fedora, RHEL
Posts: 600

Rep: Reputation: 109Reputation: 109
Quote:
Originally Posted by ta0kira View Post
If you use that method, use snprintf instead of sprintf to avoid buffer overflow.
ta0kira
snprintf only gives the illusion of safety.

For instance, if someone gives the following arguments:

./foo %s garbage %-12d 13

what is the output? How does snprintf behave? format string vulnerabilities are just as easily exploited as buffer lengths. If this is just for home use, sprintf is fine.
 
Old 04-11-2008, 09:55 AM   #8
95se
Member
 
Registered: Apr 2002
Location: Windsor, ON, CA
Distribution: Ubuntu
Posts: 740

Rep: Reputation: 32
Quote:
Originally Posted by orgcandman View Post
snprintf only gives the illusion of safety.

For instance, if someone gives the following arguments:

./foo %s garbage %-12d 13

what is the output? How does snprintf behave? format string vulnerabilities are just as easily exploited as buffer lengths. If this is just for home use, sprintf is fine.
In that case the output would be "create table %s(id, garbage, %-12d, 13);". The formatted output functions don't treat the additional parameters like the format string. If there is a %s, they print it (or store it in a string) exactly as written. That said, there is still an issue with SQL injection attacks that should be addressed.
 
Old 04-11-2008, 10:01 AM   #9
ta0kira
Senior Member
 
Registered: Sep 2004
Distribution: FreeBSD 9.1, Kubuntu 12.10
Posts: 3,078

Rep: Reputation: Disabled
Quote:
Originally Posted by orgcandman View Post
snprintf only gives the illusion of safety.
Not sure what you're talking about. Using user-provided strings as the format string is always a security weakness regardless of the function used. The point of snprintf is that if I tell it I only have X characters available, it won't write more than that.
Code:
#include <stdio.h>
#include <stdlib.h>
 
void unsafe(char *wWrite)
{ sprintf(wWrite, "%s", "0123456789ABCDEF"); }
 
void safe(char *wWrite, unsigned int sSize)
{ snprintf(wWrite, sSize, "%s", "0123456789ABCDEF"); }
 
int main()
{
    char buffer[8];
    char overflow[10] = "\0";
 
    safe(buffer, 8);
    printf("%s [%s]\n", buffer, overflow);
 
    unsafe(buffer);
    printf("%s\n", overflow);
    //(no point printing 'buffer' above since the null char will be in 'overflow')
}
ta0kira
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
need help passing parameters in C++ hedpe Programming 1 10-21-2007 11:58 AM
Passing parameters to PERL script paddyjoy Programming 3 03-07-2006 12:04 PM
passing parameters to network modules muru Linux - Networking 4 10-21-2005 11:44 AM
Passing parameters to a shell script neocookie Linux - General 5 10-20-2005 12:44 PM
Passing Parameters to Bash Script mooreted Linux - Software 3 04-05-2004 10:08 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 02:24 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration