Aladdin Lampé <[EMAIL PROTECTED]> wrote:
> What's the recommended usage and best practice for this function?
It's best not to use it at all, but instead use a parameterized query
and bind the user-provided untrusted string as a parameter.
Igor Tandetnik
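
An added example, not part of the original thread: the parameterized-query approach recommended above, shown with Python's built-in `sqlite3` module rather than the C API (where the same binding is done with `sqlite3_prepare_v2()` and `sqlite3_bind_text()`). The table, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("O'Brien", "o-secret")],
    )
    return db


def lookup_formatted(db, name):
    # Anti-pattern: the untrusted string becomes part of the SQL text,
    # so a quote character in it changes how the statement is parsed.
    sql = "SELECT secret FROM users WHERE name = '%s'" % name
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, name):
    # Recommended: the SQL text is a constant and the value travels
    # separately as a bound parameter, so it is only ever data.
    sql = "SELECT secret FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]


def compare(name):
    """Run both lookups on a fresh database and return (formatted, bound)."""
    db = make_db()
    try:
        formatted = sorted(lookup_formatted(db, name))
    except sqlite3.Error as exc:
        formatted = "error: " + type(exc).__name__
    return formatted, lookup_bound(db, name)


if __name__ == "__main__":
    # Constructed inputs: a plain name, a legitimate name containing a
    # quote, and a string that rewrites the WHERE clause when formatted in.
    for sample in ("alice", "O'Brien", "' OR '1'='1"):
        print(repr(sample), "->", compare(sample))
```

The formatted lookup fails on a legitimate name containing a quote and returns every row for the third input, while the bound lookup treats all three as plain values.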
__
Peeking at the SQLite source code, I see different usage patterns of the
sqlite3_mprintf() function:
- sqlite3_mprintf("direct static string without %");
- sqlite3_mprintf("%s", zString);
What's the recommended usage and best practice for this function?
I think that using the sqlite3_mprintf(zStr