Re: [sqlite] Escaped values throws error

2008-11-17 Thread John Stanton
It is particularly valuable to use bound values when you have WWW access so that you block the possibility of SQL injection attacks.

Eric Minbiole wrote:
>>This is my first foray into PDO-SQLite and I saw samples using binding,
>>I am using prepare() though without binding.
>>
>>So you think that

Re: [sqlite] Escaped values throws error

2008-11-16 Thread Dan
On Nov 17, 2008, at 1:25 AM, P Kishor wrote:
> On 11/16/08, Ben Marchbanks <[EMAIL PROTECTED]> wrote:
>> Abridged sample of the insert statement that produces an error when
>> trying to insert escaped text.
>>
>>
>> INSERT INTO pageWords (word) VALUES (" \"nitch\" ");
>
> SQL text strings are

Re: [sqlite] Escaped values throws error

2008-11-16 Thread Igor Tandetnik
"Ben Marchbanks" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Now I remember why I wasn't using single quotes in SQLite statements -
>
> because escaped single quoted values like
>
> 'Billy\'s bike'
>
> cause it to fail.

You probably want 'Billy''s bike'. Backslashes don't have an

Re: [sqlite] Escaped values throws error

2008-11-16 Thread Eric Minbiole
> This is my first foray into PDO-SQLite and I saw samples using binding,
> I am using prepare() though without binding.
>
> So you think that had I used binding my escape issue would not be an issue?

Correct. Though I've not used PDO-SQLite (I use the C interface), I would think that using bo

Re: [sqlite] Escaped values throws error

2008-11-16 Thread Ben Marchbanks
This is my first foray into PDO-SQLite and I saw samples using binding,
I am using prepare() though without binding.

So you think that had I used binding my escape issue would not be an issue?

*Ben Marchbanks*
www.magazooms.com
Signature Email: [EMAIL PROTECTED]

Re: [sqlite] Escaped values throws error

2008-11-16 Thread Eric Minbiole
> Now I remember why I wasn't using single quotes in SQLite statements -
>
> because escaped single quoted values like
>
> 'Billy\'s bike'
>
> cause it to fail. Again I think it's related to PHP-PDO SQLite
> implementation.

Have you considered using prepared statements and bound parameters?

Re: [sqlite] Escaped values throws error

2008-11-16 Thread Ben Marchbanks
Now I remember why I wasn't using single quotes in SQLite statements -

because escaped single quoted values like

'Billy\'s bike'

cause it to fail. Again I think it's related to PHP-PDO SQLite implementation.

*Ben Marchbanks*
www.magazooms.com
Signature Email: [

Re: [sqlite] Escaped values throws error

2008-11-16 Thread Ben Marchbanks
Hmmm - thanks for straightening me out guys - somehow I thought that SQLite used double quotes

*Ben Marchbanks*
www.magazooms.com
Signature Email: [EMAIL PROTECTED]
Phone: (864) 284.9918

John Stanton wrote:
> An SQL literal uses single

Re: [sqlite] Escaped values throws error

2008-11-16 Thread Ben Marchbanks
Thanks - I did find a solution since I was not successful using sqlite_escape_string. I think that the SQLite implementation in PHP via PDO is the culprit.

I wound up using double escape -

str_replace("\"","\"\"",$value);

*Ben Marchbanks*
www.magazooms.com
Signatur

Re: [sqlite] Escaped values throws error

2008-11-16 Thread John Stanton
An SQL literal uses single quotes.

Ben Marchbanks wrote:
> Abridged sample of the insert statement that produces an error when
> trying to insert escaped text.
>
>
> INSERT INTO pageWords (word) VALUES (" \"nitch\" ");
>
> SQLSTATE[HY000]: General error: 1 near "nitch": syntax error'
>
>

Re: [sqlite] Escaped values throws error

2008-11-16 Thread Jay A. Kreibich
On Sun, Nov 16, 2008 at 01:19:27PM -0500, Ben Marchbanks scratched on the wall:
> Abridged sample of the insert statement that produces an error when
> trying to insert escaped text.
>
>
> INSERT INTO pageWords (word) VALUES (" \"nitch\" ");

It is throwing an error because this is not vali

Re: [sqlite] Escaped values throws error

2008-11-16 Thread P Kishor
On 11/16/08, Ben Marchbanks <[EMAIL PROTECTED]> wrote:
> Abridged sample of the insert statement that produces an error when
> trying to insert escaped text.
>
>
> INSERT INTO pageWords (word) VALUES (" \"nitch\" ");

SQL text strings are delimited by single quotes. If you really want to ins

[sqlite] Escaped values throws error

2008-11-16 Thread Ben Marchbanks
Abridged sample of the insert statement that produces an error when trying to insert escaped text.

INSERT INTO pageWords (word) VALUES (" \"nitch\" ");

SQLSTATE[HY000]: General error: 1 near "nitch": syntax error'

Using PHP Version 5.2.4
PDO SQLite - version 1.0.1 $Id: pdo_sqlite.c,