char Login(MYSQL *conn, MYSQL_RES *res, MYSQL_ROW row,char *user,char *password){conn = mysql_init (NULL);//printf("%s",user);       mysql_real_connect (conn, opt_host_name, opt_user_name, opt_password,    opt_db_name, opt_port_num, opt_socket_name, opt_flags);if(mysql_real_query(conn,"SELECT password From User where username='%s';",*user)){        fprintf(stderr, "%s \n", mysql_error(conn));	printf("ERRO %s",mysql_error(conn));        printf("Press any key to continue. . . \n");//        getch();        exit(1);    }     //printf("%s",user); res=mysql_use_result(conn);while((row = mysql_fetch_row(res))!=NULL){ if(strcmp(row[0],password)==0){printf("%s\n",row[0]);printf("DEU\n");exit(1);}elseprintf("ERRO");printf("%s\n",row[0]);mysql_close (conn);exit(1);}}//Connecção a base de dados char connection_database(MYSQL *conn, MYSQL_RES *res, MYSQL_ROW row){conn = mysql_init (NULL);    mysql_real_connect (conn, opt_host_name, opt_user_name, opt_password,    opt_db_name, opt_port_num, opt_socket_name, opt_flags);    if(mysql_query(conn, "show tables"))    {        fprintf(stderr, "%s \n", mysql_error(conn));        printf("Press any key to continue. . . \n");//        getch();        exit(1);    }        res = mysql_use_result(conn);     printf("Tables in database\n");    while((row = mysql_fetch_row(res)) != NULL)        printf("%s \n", row[0]);    mysql_close (conn);    printf("Press any key to continue . . . \n");}/*menuprincial(){} */int main (int argc, char *argv[]){    MYSQL *conn; /* pointer to connection handler */    MYSQL_RES *res; /* holds the result set */    MYSQL_ROW row;char password[200]="ola";char user[200]="admin";//connection_database(conn,res,row);    Login(conn,res,row,user,password);    return 0;}

Please explain in a lot more detail what you are doing, what is happening in the program, and what is not happening.

Unfortunately the forum seems to have eaten the formatting of your code, so it would be a lot of work to reconstruct it manually. Can you post it again, taking care to ensure that the formatting is correct once you've posted.

However, I'd recommend you simplify the program first. It appears to be complex, try to simplify the program to the minimum amount required to reproduce the behaviour you're having trouble with. If possible, put all the code inside main(), and only include attempt a single, simple query.

One thing I did notice is:

mysql_real_query(conn,"SELECT password From User where username='%s';",*user)

This appears to be wrong in two ways.

• The first is that you have a format string mismatch. You are dereferencing "user", yielding a single character, but you are using a format specifier for a NUL terminated character array.

• The second is that the mysql_real_query documentation says that this function does not take a format string arguments. It takes a string and a length. It just so happens that your *user character can be implicitly treated as a number. But the behaviour is undefined as the number has no relation to the actual length of the string.

  You'd have to build the query string first, and then pass it (along with the total length) to this function.

Another point for the future, you cannot safely pass user entered data directly in a query. One thing is that the user can add quote characters into their username, and the query will likely fail with a syntax error. Worse, you can end up with security problems, this is called SQL injection. Two solutions are parameterised queries and escaping, the former being harder to mess up.

i solve the problem

i solve the problem

How did you go about solving it?

Your solution may be useful to someone with similar issues.

put the query like this and problem solve

char ola[512];
    mysql_real_connect (conn, opt_host_name, opt_user_name, opt_password,
    opt_db_name, opt_port_num, opt_socket_name, opt_flags);
snprintf(ola,sizeof ola,"SELECT password From User where username=('%s');",user);
if(mysql_query(conn,ola)){
        fprintf(stderr, "%s \n", mysql_error(conn));
    printf("ERRO %s",mysql_error(conn));
        printf("Press any key to continue. . . \n");
//        getch();
        exit(1);
    }    
res=mysql_use_result(conn);

While the query may succeed, your updated code does not appear to address some of the other concerns I've raised. In particular, it is still vulnerable to SQL injection.

In fact, it introduces* a new issue, where the combined length of the query until the format specifier and the user's name could cause some of the final characters of the query to not be written to the string, again leading to potential syntax errors and related problems.

* Well, at the very least it highlights a pre-existing issue

ok thanks topic can be close

We don't really "close" topics here. A topic naturally falls out of the active set as the conversation dies down. However, any member should feel free to weigh on on a topic should they feel the answers so far aren't complete, even if the OP has indicated they have "accepted" an answer.

That said, replying to excessively old threads is discouraged. The forum software should automatically archive old discussions after a number of months. This is for a few reasons:

For these reasons, creating a new thread is usually preferred.

ok thanks