Re: [sqlite] deleting syntax w/ PHP's PDO
Hi Sam, Although what you refer to applies more generally (e.g., the SQLite C API has support for it), in this case the best reference would be the PHP Manual's entry on the PDO extension: http://www.php.net/manual/en/ref.pdo.php In particular, read the section on "Prepared statements and stored procedures". For further reading: http://www.php.net/manual/en/function.PDO-prepare.php http://www.php.net/manual/en/function.PDOStatement-bindParam.php Regards, Eugene Wee Sam Carleton wrote: > This might be a really basic question and it might be PHP related, not > SQLite, I am not sure... > > I know that the traditional way to do a delete would be this: > > DELETE FROM users WHERE ipaddress = '192.168.1.1' > > But I have also seen syntax where the actual statement does NOT > contain the '192.168.1.1' but rather a ? and then the value is set as > a parameter on, in my case, PDO object. It is my understanding that > using the ? is much more secure then the traditional way above. Where > might I go to learn more about the ? way of doing a delete? > > Sam ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] deleting syntax w/ PHP's PDO
On Feb 16, 2008 7:08 PM, Sam Carleton <[EMAIL PROTECTED]> wrote: > This might be a really basic question and it might be PHP related, not > SQLite, I am not sure... > > I know that the traditional way to do a delete would be this: > > DELETE FROM users WHERE ipaddress = '192.168.1.1' > > But I have also seen syntax where the actual statement does NOT > contain the '192.168.1.1' but rather a ? and then the value is set as > a parameter on, in my case, PDO object. It is my understanding that > using the ? is much more secure then the traditional way above. Where > might I go to learn more about the ? way of doing a delete? > It is not any more secure, just more foolproof. You don't have to worry about injection attacks and it might even be faster, especially if you re-use the statement. -- Cory Nelson ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
[sqlite] deleting syntax w/ PHP's PDO
This might be a really basic question and it might be PHP related, not SQLite, I am not sure... I know that the traditional way to do a delete would be this: DELETE FROM users WHERE ipaddress = '192.168.1.1' But I have also seen syntax where the actual statement does NOT contain the '192.168.1.1' but rather a ? and then the value is set as a parameter on, in my case, PDO object. It is my understanding that using the ? is much more secure then the traditional way above. Where might I go to learn more about the ? way of doing a delete? Sam ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] SQLite Like Query Optimization
"Evans, Mark (Tandem)" <[EMAIL PROTECTED]> wrote:
> snip...
>
> >
> > LIKE operators cannot use indices unless the index is case
> > insensitive. Use GLOB for case sensitive fields.
> >
>
> Richard - i'm not sure i understand "unless the index is case insensitive."
> How does that relate to:
>
> sqlite> create table t (a varchar(10) primary key, b, c);
> sqlite> pragma CASE_SENSITIVE_LIKE=OFF;
> sqlite> explain query plan select * from t where a like 'a%';
> 0|0|TABLE t
> sqlite> pragma CASE_SENSITIVE_LIKE=ON;
> sqlite> explain query plan select * from t where a like 'a%';
> 0|0|TABLE t WITH INDEX sqlite_autoindex_t_1
> sqlite>
>
> Dumb question: Is CASE_SENSITIVE_LIKE a different concept
> from "case sensitive index"?
>
Yes it is. By default ('A' LIKE 'a') is true. But if you enable
case-sensitive like then ('A' LIKE 'a') is false.
The case sensitivity of your LIKE operator must match the
case sensitivity of your indices in order for the index
to be usable as an optimization.
--
D. Richard Hipp <[EMAIL PROTECTED]>
___
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] SQLite Like Query Optimization
...snip... > > LIKE operators cannot use indices unless the index is case > insensitive. Use GLOB for case sensitive fields. > Richard - i'm not sure i understand "unless the index is case insensitive." How does that relate to: sqlite> create table t (a varchar(10) primary key, b, c); sqlite> pragma CASE_SENSITIVE_LIKE=OFF; sqlite> explain query plan select * from t where a like 'a%'; 0|0|TABLE t sqlite> pragma CASE_SENSITIVE_LIKE=ON; sqlite> explain query plan select * from t where a like 'a%'; 0|0|TABLE t WITH INDEX sqlite_autoindex_t_1 sqlite> Dumb question: Is CASE_SENSITIVE_LIKE a different concept from "case sensitive index"? > LIKE and GLOB operators cannot use indices if the pattern > begins with a wildcard. > > Nothing in SQLite will use an index if you are connecting > terms using OR. > > It looks like what you really want to use here is a full-text > index. Please read about the FTS3 support in SQLite. That > seems to be what you are trying to accomplish. > > -- > D. Richard Hipp <[EMAIL PROTECTED]> > Thanks, Mark ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Two commands at once
Derrell Lipman wrote: > On Feb 16, 2008 12:01 PM, Fred J. Stephens <[EMAIL PROTECTED]> wrote: >> How can I issue 2 commands to SQLite at the same time in a shell script? >> I want to temporarily change the separator for the returned data, >> something like: >> sqlite3 database.db ".separator " ", SELECT first,last FROM address;" > > sqlite3 database.db <<'EOF' > .separator " " > SELECT first, last FROM address; > EOF Ah, the here doc! I hadn't thought of that. Thanks very much. Fred ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
[sqlite] Error when installing SQLite
Recently installed QT3 in linux for my project.I need to install SQLite database,but i got the error in step 'make'.The error found in tclsqlite.c file.Try to reinstall,but i got the same error.Even i downloaded tclsqlite.c file seperatly and install it,got the same error.What should i do? - Now you can chat without downloading messenger. Click here to know how. ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
Re: [sqlite] Two commands at once
On Feb 16, 2008 12:01 PM, Fred J. Stephens <[EMAIL PROTECTED]> wrote: > How can I issue 2 commands to SQLite at the same time in a shell script? > I want to temporarily change the separator for the returned data, > something like: > sqlite3 database.db ".separator " ", SELECT first,last FROM address;" sqlite3 database.db <<'EOF' .separator " " SELECT first, last FROM address; EOF Derrell ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
[sqlite] Two commands at once
How can I issue 2 commands to SQLite at the same time in a shell script? I want to temporarily change the separator for the returned data, something like: sqlite3 database.db ".separator " ", SELECT first,last FROM address;" But I can't get it to work. Thanks. ___ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
