Problem with % n *** %n in writable segment detected *** C++ i Qt

Question

Problem with % n * %n in writable segment detected * C++ i Qt

I have program that process big data, that can't be modified. In one file we encounter "100% na" and application stop.

When I checked it with debuger, it return * %n in writable segment detected *.

I can't change visible that data, user must see "100% na". I thought of inserting some whitespace other then space after %.

Rewriting the whole applications is not a point. It runs on Windows and Linuks.

Currently the problem is in this code. I checked this in other places and it was the same. The variables are QStrings.

QSqlQuery query;

query.exec("insert into table_name ("+variable_with_columns_names+" values ("+variable_with_data_to_insert+");");

Do you have any ideas how to evade it?

edit

Prepare the query solved the problem in this spot. But it is breaking in others points. Update , Select ... where ...='100% na'(as variable), generating reports and other stuff. Whats more that this data is used by at least 5 modules, each using more then 5 data tables. So I will wait sometime, if anyone have other solution.

PS. One more question: Why is "% n" interpreted as "%n", when it shouldn't?

Funny thing is if I change "100% na" to "100%% na", I get in data base "100%% na" when it should be changed to "100% na".

Answer 1

Use prepare to prepare the query. Then insert the values using bindValue. Prepared statements should always be used in such scenarios, as they handle the escaping of special characters for you.

Answer 2

QSqlQuery query;
     query.prepare("INSERT INTO person (id, forename, surname) "
                   "VALUES (:id, :forename, :surname)");
     query.bindValue(0, 1001);
     query.bindValue(1, "Bart");
     query.bindValue(2, "Simpson");
     query.exec();

 QSqlQuery query;
     query.prepare("INSERT INTO person (id, forename, surname) "
                   "VALUES (:id, :forename, :surname)");
     query.bindValue(":id", 1001);
     query.bindValue(":forename", "Bart");
     query.bindValue(":surname", "Simpson");
     query.exec();

  QSqlQuery query;
     query.prepare("INSERT INTO person (id, forename, surname) "
                   "VALUES (?, ?, ?)");
     query.bindValue(0, 1001);
     query.bindValue(1, "Bart");
     query.bindValue(2, "Simpson");
     query.exec();

QSqlQuery query;
     query.prepare("INSERT INTO person (id, forename, surname) "
                   "VALUES (?, ?, ?)");
     query.addBindValue(1001);
     query.addBindValue("Bart");
     query.addBindValue("Simpson");
     query.exec();

any of these help?