mysql-cpp

mysql-cpp is a type safe and injection safe C++ interface to MySQL. It uses C++11 variadic templates to create and run prepared statements and automatically converts the results from MySQL into the appropriate datatypes.

Type safe

mysql-cpp uses type deduction to automatically convert and store the results from MySQL.

MySql connection("localhost", "user", "password");
vector<tuple<string, int>> users;
connection.runQuery(&users, "SELECT name, age FROM user");

mysql-cpp accomodates NULL values by sending tuples with std::shared_ptr or std::unique_ptr. If a NULL is encountered with a non-std::shared_ptr or non-std::unique_ptr data type, an exception is thrown.

vector<tuple<string, shared_ptr<string>>> movies;
connection.runQuery(&movies, "SELECT user, favorite_movie FROM user");
for (const auto& movie: movies) {
    if (nullptr != get<1>(movie)) {
        cout << get<0>(movie) << " likes " << *get<1>(movie) << endl;
    } else {
        cout << get<0>(movie) << " has no favorite movie" << endl;
    }
}

Other errors such as invalid output parameter size or incorrect number of bind values will be detected at runtime and will throw an exception.

Injection safe

The queries generated by mysql-cpp use prepared statements, so you don't need to worry about injection attacks. mysql-cpp will infer the types of the objects you're sending and automatically create and run the prepared statement.

int age = 29;
string username = "brandon'; DROP TABLE user; -- ";
connection->runCommand(
    "UPDATE user SET age = ? WHERE username = ?",
    age,
    username);
connection->runQuery(
    &users,
    "SELECT name, age FROM user WHERE username = ?",
    username);
assert(users.empty());