-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathc++-mysql-crud.cpp
123 lines (112 loc) · 3.33 KB
/
c++-mysql-crud.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#include <iostream>
#include <string>
#include <stdexcept>
#include <mysql_connection.h>
#include <cppconn/driver.h>
#include <cppconn/exception.h>
#include <cppconn/statement.h>
#include <cppconn/prepared_statement.h>
/**
* Namespace GGlink
*
* @author Mokter Hossain
* @email [email protected]
* @website www.gglink.uk
* @github https://github.com/moktermd08
* @linkedin https://www.linkedin.com/in/mr-mokter/
* @twitter https://twitter.com/moGGLink
*/
namespace GGlink {
/**
* Class Database
*
* Provides functionalities for database interactions.
*/
class Database {
private:
const std::string host = "tcp://localhost:3306";
const std::string user = "user";
const std::string password = "password";
const std::string database = "database";
sql::Driver* driver;
std::unique_ptr<sql::Connection> connection;
public:
/**
* Establishes a database connection.
*
* @throws std::runtime_error If connection to the database fails
*/
void connect() {
try {
driver = get_driver_instance();
connection.reset(driver->connect(host, user, password));
connection->setSchema(database);
} catch (sql::SQLException &e) {
throw std::runtime_error("Failed to connect to the database: " + std::string(e.what()));
}
}
/**
* Closes the database connection.
*/
void disconnect() {
connection.reset(nullptr);
}
/**
* Executes a simple query (e.g., INSERT, UPDATE, DELETE).
*
* @param query The SQL query to execute.
*/
void execute(const std::string& query) {
try {
std::unique_ptr<sql::Statement> stmt(connection->createStatement());
stmt->execute(query);
} catch (sql::SQLException &e) {
throw std::runtime_error("Failed to execute query: " + std::string(e.what()));
}
}
/**
* Sanitize user input.
*
* @param data The user input data.
* @return The sanitized data.
*/
std::string sanitizeInput(const std::string& data) {
std::string sanitized;
sanitized.reserve(data.size());
for (char c : data) {
switch (c) {
case '\'': sanitized += "\\'"; break;
case '\"': sanitized += "\\\""; break;
case '\n': sanitized += "\\n"; break;
case '\r': sanitized += "\\r"; break;
case '\\': sanitized += "\\\\"; break;
default: sanitized += c; break;
}
}
return sanitized;
}
/**
* Sanitize output.
*
* @param data The data to be sent to the client.
* @return The sanitized data.
*/
std::string sanitizeOutput(const std::string& data) {
return data; // In this example, we assume the output is safe and does not require additional sanitization
}
};
} // namespace GGlink
// Usage Example:
int main() {
GGlink::Database db;
try {
db.connect();
std::string safeInput = db.sanitizeInput("user' OR '1'='1");
std::cout << "Sanitized Input: " << safeInput << std::endl;
db.execute("INSERT INTO users (name) VALUES ('" + safeInput + "')");
db.disconnect();
} catch (const std::exception& e) {
std::cerr << "Error: " << e.what() << std::endl;
}
return 0;
}