To run a text query, use any of the following functions, passing a string-like object (convertible to string_view) containing valid SQL as the first parameter:

- connection::execute or async_execute: these functions run the query and read the generated results into memory.
- connection::start_execution and async_start_execution: these functions initiate a text query as a multi-function operation.

Almost any query that may be issued in the mysql command line can be executed using this method. This includes SELECTs, UPDATEs, INSERTs, DELETEs, CREATE TABLEs...

In particular, you may start transactions by issuing START TRANSACTION, commit them using COMMIT and roll them back using ROLLBACK.

You should generally prefer prepared statements over text queries. Text queries can be useful for simple, non-parametrized queries:

- "START TRANSACTION", "COMMIT" and "ROLLBACK" queries, for transactions.
- "SET NAMES utf8mb4" and similar, to set variables for encoding, time zones and similar configuration options.
- "CREATE TABLE ..." and similar DDL statements.

If you need to run parametrized SQL, involving user input, you have two options:
Warning | |
---|---|
SQL injection warning: if you compose queries by concatenating strings without sanitization, your code is vulnerable to SQL injection attacks. Use prepared statements or proper formatting functions instead! |

You can run several semicolon-separated queries in a single execute() call by enabling the handshake_params::multi_queries option. You can find an example here.
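
The SQL injection warning and the multi_queries option interact: once several statements are accepted per call, concatenated input can add a whole statement instead of only altering one. The following is an added example, not code from Boost.MySQL or its documentation; build_query_concat, query_shape, scan, input_stayed_data and the employee table are hypothetical, and the scanner only illustrates how the server's view of the query changes, it is not a sanitizer.

```cpp
#include <cstddef>
#include <string>
#include <string_view>

// VULNERABLE on purpose (hypothetical helper and table): concatenation as in the warning.
std::string build_query_concat(std::string_view name)
{
    return "SELECT id FROM employee WHERE name = '" + std::string(name) + "'";
}

struct query_shape
{
    std::size_t statements = 0;  // semicolon-separated statements
    std::size_t literals = 0;    // single-quoted string literals
    bool unterminated = false;   // a literal was still open at end of input
};

// Simplified scan: single-quoted literals with '' and backslash escapes only;
// comments and other quoting styles are deliberately not handled.
query_shape scan(std::string_view sql)
{
    query_shape s;
    bool in_lit = false, content = false;
    for (std::size_t i = 0; i < sql.size(); ++i)
    {
        const char c = sql[i];
        if (in_lit)
        {
            if (c == '\\') ++i;  // backslash escapes the next character
            else if (c == '\'' && i + 1 < sql.size() && sql[i + 1] == '\'') ++i;  // ''
            else if (c == '\'') in_lit = false;
        }
        else if (c == '\'') { in_lit = content = true; ++s.literals; }
        else if (c == ';') { s.statements += content; content = false; }
        else if (c != ' ' && c != '\n' && c != '\t') content = true;
    }
    s.statements += content;
    s.unterminated = in_lit;
    return s;
}

// The query template is meant to yield exactly one statement with one literal.
bool input_stayed_data(std::string_view name)
{
    const query_shape s = scan(build_query_concat(name));
    return s.statements == 1 && s.literals == 1 && !s.unterminated;
}

int main() { return input_stayed_data("alice") ? 0 : 1; }  // constructed input
```

A legitimate name containing an apostrophe fails the check as well, so concatenation breaks ordinary data, not only hostile input; a prepared statement sends the value separately from the SQL text and avoids both outcomes.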