ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Where does the actual data come from? Are name, etc. fixed values that will be a permanent part of the program, or will they come from the user, command line, file, etc. at run time?
ta0kira
In order to access the command words, the main() function must have a prototype similar to the following.
int main(int argc, char * argv[])
The names argc and argv are usually used for the parameters, but a programmer could use different names.
The command words can be accessed as argv[0] through argv[argc - 1]. The program name is the first word on the command line, which is argv[0]. The command-line arguments are argv[1] through argv[argc - 1].
For example
myecho aaa bbb ccc
When this command is executed, the command interpreter calls the main() function of the myecho program with 4 passed as the argc argument and an array of 4 strings as the argv argument. argc contains the following strings.
argv[0] - "myecho"
argv[1] - "aaa"
argv[2] - "bbb"
argv[3] - "ccc"
I think shifter means that he would like to compose his query string from variables, rather than have them hardcoded into literal strings. He can use sprintf() to print to a character array (string), or use a sequence of strcat() calls to iteratively compose the string.
If you use that method, use snprintf instead of sprintf to avoid buffer overflow.
ta0kira
snprintf only gives the illusion of safety.
For instance, if someone gives the following arguments:
./foo %s garbage %-12d 13
what is the output? How does snprintf behave? format string vulnerabilities are just as easily exploited as buffer lengths. If this is just for home use, sprintf is fine.
For instance, if someone gives the following arguments:
./foo %s garbage %-12d 13
what is the output? How does snprintf behave? format string vulnerabilities are just as easily exploited as buffer lengths. If this is just for home use, sprintf is fine.
In that case the output would be "create table %s(id, garbage, %-12d, 13);". The formatted output functions don't treat the additional parameters like the format string. If there is a %s, they print it (or store it in a string) exactly as written. That said, there is still an issue with SQL injection attacks that should be addressed.
Not sure what you're talking about. Using user-provided strings as the format string is always a security weakness regardless of the function used. The point of snprintf is that if I tell it I only have X characters available, it won't write more than that.
Code:
#include <stdio.h>
#include <stdlib.h>
void unsafe(char *wWrite)
{ sprintf(wWrite, "%s", "0123456789ABCDEF"); }
void safe(char *wWrite, unsigned int sSize)
{ snprintf(wWrite, sSize, "%s", "0123456789ABCDEF"); }
int main()
{
char buffer[8];
char overflow[10] = "\0";
safe(buffer, 8);
printf("%s [%s]\n", buffer, overflow);
unsafe(buffer);
printf("%s\n", overflow);
//(no point printing 'buffer' above since the null char will be in 'overflow')
}
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.