Boost C++ Libraries

This is the documentation for an old version of Boost.

Text queries

To run a text query, use any of the following functions, passing a string-like object (convertible to string_view) containing valid SQL as the first parameter:

Almost any query that can be issued from the mysql command line can be executed this way, including SELECT, UPDATE, INSERT, DELETE and CREATE TABLE statements. In particular, you can start a transaction with START TRANSACTION, commit it with COMMIT and roll it back with ROLLBACK.

Limitations

At the moment, there is no equivalent to mysql_real_escape_string for sanitizing user-provided input. This limits text queries to queries without parameters. Composing queries by hand can lead to SQL injection vulnerabilities. Use prepared statements instead; they perform composition server-side in a safe way.

Warning

SQL injection warning: if you compose queries by concatenating strings without sanitization, your code is vulnerable to SQL injection attacks. Use prepared statements when possible!

Running multiple queries at once

You can run several semicolon-separated queries in a single execute() call by enabling the handshake_params::multi_queries option. You can find an example here.

Warning

SQL injection warning: do not use this feature if any of your queries contains untrusted input. You can create SQL injection vulnerabilities if you do.
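The following added example (not Boost.MySQL code, and not from the original page) models why the two warnings above matter: a hypothetical scan_sql helper counts the top-level statements in a query string, honouring quoted literals and line comments, and is run over a query composed by concatenation and over the same query expressed as a prepared-statement template with the value bound separately. The table and column names are assumed, and the inputs are constructed.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>
// Hypothetical helper, not Boost.MySQL code: counts top-level statements in MySQL
// text, honouring single-quoted literals (backslash and '' escapes) and "-- "/"#"
// line comments; unterminated_literal is set if a quote is never closed.
struct ScanResult { int statements; bool unterminated_literal; };
ScanResult scan_sql(const std::string& sql) {
    ScanResult r{0, false};
    bool in_literal = false, saw_token = false;
    for (std::size_t i = 0; i < sql.size(); ++i) {
        char c = sql[i];
        if (in_literal) {
            if (c == '\\') ++i;                                                   // skip escaped char
            else if (c == '\'' && i + 1 < sql.size() && sql[i + 1] == '\'') ++i;  // '' inside literal
            else if (c == '\'') in_literal = false;
            continue;
        }
        if (c == '\'') { in_literal = true; saw_token = true; continue; }
        if (c == '#' || sql.compare(i, 3, "-- ") == 0) {                          // line comment
            while (i < sql.size() && sql[i] != '\n') ++i;
            continue;
        }
        if (c == ';') { if (saw_token) ++r.statements; saw_token = false; continue; }
        if (!std::isspace(static_cast<unsigned char>(c))) saw_token = true;
    }
    if (saw_token) ++r.statements;
    r.unterminated_literal = in_literal;
    return r;
}
// The pattern the page warns against: composing a text query by concatenation.
std::string compose_by_concatenation(const std::string& user_value) {
    return "SELECT * FROM employee WHERE first_name = '" + user_value + "'";
}
// Model of a prepared statement: SQL template and parameter travel separately,
// so the parameter is bound by the server after parsing and never read as SQL.
struct PreparedQuery { std::string sql; std::vector<std::string> params; };
PreparedQuery bind_parameter(const std::string& user_value) {
    return {"SELECT * FROM employee WHERE first_name = ?", {user_value}};
}
int main() {
    for (const char* v : {"Ann", "O'Brien", "x'; SELECT 1; -- "}) {   // constructed inputs
        ScanResult c = scan_sql(compose_by_concatenation(v)), p = scan_sql(bind_parameter(v).sql);
        std::cout << '[' << v << "] concatenated: " << c.statements << " statement(s), unterminated="
                  << c.unterminated_literal << "; bound: " << p.statements << " statement(s)\n";
    }
}
```

A harmless apostrophe in the value already leaves the concatenated query with an unterminated literal, and a value containing a semicolon turns one query into two, which is exactly what the multi_queries option would then execute; the bound form stays a single statement whatever the value contains.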

Use cases

You should generally prefer prepared statements over text queries. Text queries can be useful for simple, non-parametrized queries:

Avoid text queries involving user input.
