mysql-cpp is a type safe and injection safe C++ interface to MySQL. It uses
C++11 variadic templates to create and run prepared statements and
automatically converts the results from MySQL into the appropriate datatypes.
mysql-cpp uses type deduction to automatically convert and store the results
from MySQL.
MySql connection("localhost", "user", "password");
vector<tuple<string, int>> users;
connection.runQuery(&users, "SELECT name, age FROM user");
mysql-cpp accomodates NULL values by sending tuples with std::shared_ptr
or std::unique_ptr. If a NULL is encountered with a non-std::shared_ptr
or non-std::unique_ptr data type, an exception is thrown.
vector<tuple<string, shared_ptr<string>>> movies;
connection.runQuery(&movies, "SELECT user, favorite_movie FROM user");
for (const auto& movie: movies) {
if (nullptr != get<1>(movie)) {
cout << get<0>(movie) << " likes " << *get<1>(movie) << endl;
} else {
cout << get<0>(movie) << " has no favorite movie" << endl;
}
}
Other errors such as invalid output parameter size or incorrect number of bind values will be detected at runtime and will throw an exception.
The queries generated by mysql-cpp use prepared statements, so you don't need
to worry about injection attacks. mysql-cpp will infer the types of the
objects you're sending and automatically create and run the prepared statement.
int age = 29;
string username = "brandon'; DROP TABLE user; -- ";
connection->runCommand(
"UPDATE user SET age = ? WHERE username = ?",
age,
username);
connection->runQuery(
&users,
"SELECT name, age FROM user WHERE username = ?",
username);
assert(users.empty());