is there any function similar to sprintf in C++.Net?
-
Hi, I've to write a query which requires a function similar to "sprintf" in C For e.g. String *query; // in c++.net sprintf(query, "Select * from table_name where number = %d", no); // in C How can this be done in this environment? Thanks, Kranti
-
Hi, I've to write a query which requires a function similar to "sprintf" in C For e.g. String *query; // in c++.net sprintf(query, "Select * from table_name where number = %d", no); // in C How can this be done in this environment? Thanks, Kranti
Kranti1251984 wrote:
I've to write a query which requires a function similar to "sprintf" in C For e.g. String *query; // in c++.net sprintf(query, "Select * from table_name where number = %d", no); // in C How can this be done in this environment?
Hi Kranti1251984, yes, there is actually. For instance you could use: System::String::Format(...)
String^ s = String::Format( "(C) Currency: . . . . . . . . {0:C}\n" + "(D) Decimal:. . . . . . . . . {0:D}\n" + "(E) Scientific: . . . . . . . {1:E}\n" + "(F) Fixed point:. . . . . . . {1:F}\n" + "(G) General:. . . . . . . . . {0:G}\n" + " (default):. . . . . . . . {0} (default = 'G')\n" + "(N) Number: . . . . . . . . . {0:N}\n" + "(P) Percent:. . . . . . . . . {1:P}\n" + "(R) Round-trip: . . . . . . . {1:R}\n" + "(X) Hexadecimal:. . . . . . . {0:X}\n", -123, -123.45f); Console::WriteLine(s);In addition i would like to point out, that it would be more secure to use parameters when constructing dynamic SQL statements. best regards Tobias -
Kranti1251984 wrote:
I've to write a query which requires a function similar to "sprintf" in C For e.g. String *query; // in c++.net sprintf(query, "Select * from table_name where number = %d", no); // in C How can this be done in this environment?
Hi Kranti1251984, yes, there is actually. For instance you could use: System::String::Format(...)
String^ s = String::Format( "(C) Currency: . . . . . . . . {0:C}\n" + "(D) Decimal:. . . . . . . . . {0:D}\n" + "(E) Scientific: . . . . . . . {1:E}\n" + "(F) Fixed point:. . . . . . . {1:F}\n" + "(G) General:. . . . . . . . . {0:G}\n" + " (default):. . . . . . . . {0} (default = 'G')\n" + "(N) Number: . . . . . . . . . {0:N}\n" + "(P) Percent:. . . . . . . . . {1:P}\n" + "(R) Round-trip: . . . . . . . {1:R}\n" + "(X) Hexadecimal:. . . . . . . {0:X}\n", -123, -123.45f); Console::WriteLine(s);In addition i would like to point out, that it would be more secure to use parameters when constructing dynamic SQL statements. best regards Tobias2beeIn addition i would like to point out, that it would be more secure to use parameters when constructing dynamic SQL statements.
Just to add to Tobias' quoted comment, SQL Injection can be a big problem. For instance, a user can "inject" a DELETE statement into your programmically built SQL string and do some serious damage. Using parameters, SQL injection is impossible.