0

I am aware most people do `dispatchqueue.main.async` or `dispatch_async(dispatch_get_main_queue(), ^{` but what would be the correct way to call from the main thread for Objective-C?

Specifically I wanna call a textfieldview from main thread inside a query code.

  • 1
    The main queue is an execution queue which corresponds to the main thread, so dispatching onto the main queue will run the code on the main thread. Is there anything which would prevent you from doing that? – Itai Ferber Dec 13 '21 at 14:46
  • What is the syntax line of code for that? – intelligentwoman Dec 13 '21 at 14:51
  • 1
    It's the syntax you posted above: `dispatch_async(dispatch_get_main_queue(), ^{ ... })` where the code you want to run on the main thread goes inside of the block (`^{ ... }`) – Itai Ferber Dec 13 '21 at 15:12
  • Should I do that for the whole query or do that just for the line `self.websiteTextField.text`? – intelligentwoman Dec 13 '21 at 15:28
  • `dispatch_async(dispatch_get_main_queue(), ^{self.websiteTextField.text;})];` I keep getting `Argument type 'void' is incomplete` error msg – intelligentwoman Dec 13 '21 at 15:29
  • That is because you simply reference the text field’s `text` property, but didn’t do anything with it. E.g., you might put the whole building of that `NSString` with `stringWithFormat` inside that `dispatch_async`. – Rob Dec 13 '21 at 15:44
  • 2
    As an aside, it is imprudent to insert values into your SQL with the `%@` pattern. What if the `websiteTextField.text` value had a `'` in it? The SQL would suddenly no longer be valid. Instead, you should use a `?` placeholder in your SQL and then bind values to those placeholders. In SQLite, see [here](https://stackoverflow.com/a/27386276/1271826) or [here](https://stackoverflow.com/a/18254545/1271826). Those are `INSERT` statements, but the same is true with `SELECT` statements, e.g. `SELECT … FROM tableTod WHERE Facils = ?` (without any quotation marks around the `?`). – Rob Dec 13 '21 at 16:19
  • 1
    To expand on the point made by @Rob : this could be an SQL injection vulnerability. See https://bobby-tables.com for a bit more information. – sbooth Dec 13 '21 at 18:03
  • If any user can damage your database, that's a risk. – gnasher729 Dec 13 '21 at 19:33

1 Answer

-1

Answer:

I found the solution by just implementing the dispatch async code. It is not SQL injection. Thanks.

  • 3
    Obviously it IS an SQL injection vulnerability. – gnasher729 Dec 13 '21 at 19:34
  • 1
    Try searching for a string with an apostrophe in it (one with a simple `'`). It will fail when you prepare your SQL. Again, the SQL injection attack is less of an issue than a simple error when you prepare a malformed SQL statement. Using `?` placeholders and binding the values will avoid that problem. It’s admittedly unrelated to your “main thread/queue” question, but is an important thing to keep in mind. If you don't adopt this `?` placeholder and binding values, you _will_ eventually regret it. Just because you solved your main thread problem does not mean you don't have a deeper SQL problem. – Rob Dec 13 '21 at 19:39
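
The `%@` formatting and the `?` placeholder binding discussed in the comments, side by side, as an added example that is not part of the original thread or the asker's code. It assumes an in-memory SQLite database with constructed rows; only `tableTod` and `Facils` come from the page, and `countByFormat` and `countByBinding` are hypothetical helper names. In the app, the string would be read from `self.websiteTextField.text` on the main queue and then passed to the query.

```objective-c
#import <Foundation/Foundation.h>
#import <sqlite3.h>

// Unsafe: the %@ pattern splices the value into the SQL text itself,
// so a ' in the value changes where the string literal ends.
static int countByFormat(sqlite3 *db, NSString *value) {
    NSString *sql = [NSString stringWithFormat:
        @"SELECT COUNT(*) FROM tableTod WHERE Facils = '%@'", value];
    sqlite3_stmt *stmt = NULL;
    if (sqlite3_prepare_v2(db, sql.UTF8String, -1, &stmt, NULL) != SQLITE_OK) {
        NSLog(@"prepare failed: %s", sqlite3_errmsg(db));
        return -1;
    }
    int n = (sqlite3_step(stmt) == SQLITE_ROW) ? sqlite3_column_int(stmt, 0) : -1;
    sqlite3_finalize(stmt);
    return n;
}

// Safe: the SQL text is a constant; the value is bound to the ? placeholder
// and is never parsed as SQL. Note there are no quotes around the ?.
static int countByBinding(sqlite3 *db, NSString *value) {
    const char *sql = "SELECT COUNT(*) FROM tableTod WHERE Facils = ?";
    sqlite3_stmt *stmt = NULL;
    if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) return -1;
    int n = -1;
    if (sqlite3_bind_text(stmt, 1, value.UTF8String, -1, SQLITE_TRANSIENT) == SQLITE_OK
        && sqlite3_step(stmt) == SQLITE_ROW) {
        n = sqlite3_column_int(stmt, 0);
    }
    sqlite3_finalize(stmt);
    return n;
}

int main(void) {
    @autoreleasepool {
        sqlite3 *db = NULL;
        if (sqlite3_open(":memory:", &db) != SQLITE_OK) return 1;
        // Constructed sample rows; the second value contains an apostrophe.
        sqlite3_exec(db, "CREATE TABLE tableTod (Facils TEXT);"
                         "INSERT INTO tableTod VALUES ('Pool'), ('Kids'' Club');",
                     NULL, NULL, NULL);
        NSString *input = @"Kids' Club";   // constructed stand-in for the text field value
        NSLog(@"formatted query result: %d", countByFormat(db, input));
        NSLog(@"bound query result:     %d", countByBinding(db, input));
        sqlite3_close(db);
    }
    return 0;
}
```

Build it with `clang -framework Foundation -lsqlite3` on macOS; the helpers return -1 when the statement cannot be prepared or stepped.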