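#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#include <libpq-fe.h>

/*
 * Size of the text buffer for the row id parameter: ten digits for a 32-bit
 * non-negative int plus the terminating NUL, with one byte to spare. The
 * snprintf() result is still checked in main() in case int is wider.
 */
enum { ROW_ID_BUF_LEN = 12 };

/*
 * Close the connection and terminate the process with exit status 1.
 * Any PGresult still held by the caller must be PQclear()ed first.
 */
void do_exit(PGconn *conn)
{
    PQfinish(conn);
    exit(1);
}

/*
 * Look up one row of cars_cleanup by id and print its first three columns.
 *
 * argv[1]: row id, a non-negative decimal integer
 * argv[2]: libpq connection string handed to PQconnectdb()
 *
 * Returns 0 on success; exits with status 1 on bad arguments, connection
 * failure, query failure, or when no matching row is returned.
 */
int main(int argc, char *argv[])
{
    const char *paramValues[1];
    char str[ROW_ID_BUF_LEN];

    printf("main() Started...\n");

    if (argc != 3) {
        fprintf(stderr, "Usage: ./main <rowId> <conninfo>\n");
        exit(1);
    }

    printf("main() argv[1]: %s\n", argv[1]);

    /*
     * Parse the id strictly: strtol() reports overflow through errno and
     * exposes trailing characters through `end`, so inputs such as "12abc"
     * or out-of-range numbers are rejected instead of being partly accepted.
     * This is input hygiene only; what keeps the value out of the SQL text
     * is the bound parameter ($1) passed to PQexecParams() below.
     */
    errno = 0;
    char *end = NULL;
    long parsed = strtol(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || errno == ERANGE ||
        parsed > INT_MAX || parsed < INT_MIN) {
        fprintf(stderr, "The argument must be an integer\n");
        exit(1);
    }

    if (parsed < 0) {
        fprintf(stderr, "Error passing a negative rowId\n");
        exit(1);
    }

    int rowId = (int)parsed;

    printf("main() LEN: %d\n", ROW_ID_BUF_LEN);
    printf("main() str.length: %zu\n", sizeof str);

    /*
     * A truncated id would silently select a different row, so treat a
     * result that does not fit the buffer as an error.
     */
    int written = snprintf(str, sizeof str, "%d", rowId);
    if (written < 0 || (size_t)written >= sizeof str) {
        fprintf(stderr, "rowId does not fit the parameter buffer\n");
        exit(1);
    }

    printf("main() str: %s\n", str);
    paramValues[0] = str;

    /*
     * The connection string may carry a password, so it is deliberately not
     * echoed to stdout. Command-line arguments are also visible to other
     * local users through the process list; a service file, ~/.pgpass or
     * the PG* environment variables avoid that exposure.
     */
    const char *conninfo = argv[2];

    /* PQconnectdb() blocks until the attempt has succeeded or failed. */
    PGconn *conn = PQconnectdb(conninfo);
    if (PQstatus(conn) != CONNECTION_OK) {
        fprintf(stderr, "Connection to database failed: %s\n",
                PQerrorMessage(conn));
        do_exit(conn);
    }
    printf("main() connected to database\n");

    const char *stm = "SELECT * FROM cars_cleanup WHERE Id=$1";

    /*
     * PQexecParams arguments:
     *   conn        connection
     *   stm         statement text with one $1 placeholder
     *   1           number of parameters
     *   NULL        parameter types: let the server infer them
     *   paramValues parameter values as text strings
     *   NULL, NULL  lengths and formats, only needed for binary parameters
     *   0           request the result in text format
     */
    PGresult *res = PQexecParams(conn, stm, 1, NULL, paramValues,
                                 NULL, NULL, 0);

    if (PQresultStatus(res) != PGRES_TUPLES_OK) {
        fprintf(stderr, "No data retrieved: %s\n", PQerrorMessage(conn));
        PQclear(res);
        do_exit(conn);
    }

    /*
     * PGRES_TUPLES_OK is also returned for an empty result set, and
     * PQgetvalue() yields NULL for an out-of-range row or column, which
     * must not reach printf("%s"). Check the shape before reading.
     */
    if (PQntuples(res) < 1 || PQnfields(res) < 3) {
        fprintf(stderr, "No matching row with at least three columns\n");
        PQclear(res);
        do_exit(conn);
    }

    /* SELECT * is read by position, so the output depends on column order. */
    printf("%s %s %s\n",
           PQgetvalue(res, 0, 0),
           PQgetvalue(res, 0, 1),
           PQgetvalue(res, 0, 2));

    PQclear(res);
    PQfinish(conn);

    return 0;
}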