Hi,
The delimiter thing isn't relevant with the prepared statements
interface. The bound parameter is known to be a data item, not an SQL
delimiter like the SQL quote character (').
Yeah, I tried to do some SQL injection, and it didn't work :)
You should be safe using strlen rather than subtracti
Eugene Wee wrote:
But I'm still curious as to the delimiter thing, hope someone can clarify.
Oh, and also, does sqlite3_prepare() ask for the length of the statement
string in bytes including the null terminator, or excluding it? Or is it
safe to use -1 most of the time?
The delimiter thing isn't
Hi again,
> And make that
> #define SEX "M"
I have only worked with databases in PHP, and there SQL injection is a
concern.
I could hardcode the query as:
SELECT name FROM children WHERE sex='M';
SELECT name FROM children WHERE sex='F';
And they work when prepared separately, of course.
So is:
SEL
Thomas Fjellstrom <[EMAIL PROTECTED]> writes:
>> > Change sizeof to strlen here (and in the corresponding statement below);
>> > sqlite3_bind_text wants the length of the string, not the size of the
>> > pointer to it.
>>
>> sizeof(SEX)-1 is fine.
>
> I hope you mean strlen(SEX)-1
>
> sizeof is a
On March 26, 2005 07:41 pm, Mrs. Brisby wrote:
> On Sat, 2005-03-26 at 15:15 -0600, Eric Bohlman wrote:
> > #define SEX "'M'"
> >
> > >sqlite3_bind_text(stmt, index, SEX, sizeof(SEX), SQLITE_TRANSIENT);
>
> [note the extra ' in SEX]
>
> > Change sizeof to strlen here (and in the correspond
On Sat, 2005-03-26 at 15:15 -0600, Eric Bohlman wrote:
> #define SEX "'M'"
> > sqlite3_bind_text(stmt, index, SEX, sizeof(SEX),
> > SQLITE_TRANSIENT);
[note the extra ' in SEX]
> Change sizeof to strlen here (and in the corresponding statement below);
>
Eric Bohlman wrote:
Eugene Wee wrote:
#define SEX "'M'"
And make that
#define SEX "M"
Gert
Eugene Wee wrote:
As a test, I created a database containing a single table [children]. I
filled it with the names of 3 girls and 2 boys, and then tried to write
a program that selects the boys and girls separately and printed their
names.
However, I have difficulty in binding text with sqlite3_
Hi,
Are there any tutorials available to explain SQLite3's prepared
statement interface further? I adapted from:
http://www.linuxjournal.com/article/7803
As a test, I created a database containing a single table [children]. I
filled it with the names of 3 girls and 2 boys, and then tried to writ