On Sep 14, 2017, at 10:27 AM, Jens Alfke <j...@mooseyard.com> wrote:
> 
>       s << "INSERT INTO " << table_name << " (" << data;

You probably just wrote a SQL injection vulnerability.

Use prepared statements, [named] parameters, and the “bind” functions to build 
the query string instead.

    https://sqlite.org/c3ref/stmt.html
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
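
The advice above, as an added example that is not part of the original message: values are bound as named parameters, and because a table or column name cannot be bound, identifiers are checked against an allowlist before they reach the SQL text. It uses Python's built-in sqlite3 module so that it is self-contained; the `ALLOWED` schema, the helper names and the sample row are assumptions constructed for the example.

```python
import sqlite3

# Constructed schema for the example: table name -> columns callers may set.
ALLOWED = {
    "users": ("name", "email"),
    "notes": ("owner", "body"),
}


def quote_ident(name: str) -> str:
    """Quote an SQL identifier; identifiers cannot be bound as parameters."""
    return '"' + name.replace('"', '""') + '"'


def safe_insert(conn: sqlite3.Connection, table: str, row: dict) -> int:
    """Insert `row` into `table`, binding every value as a named parameter."""
    if table not in ALLOWED:
        raise ValueError(f"table not allowed: {table!r}")
    cols = list(row)
    bad = [c for c in cols if c not in ALLOWED[table]]
    if bad or not cols:
        raise ValueError(f"columns not allowed: {bad!r}")
    # Only allowlisted identifiers and :placeholders reach the SQL text.
    sql = "INSERT INTO {} ({}) VALUES ({})".format(
        quote_ident(table),
        ", ".join(quote_ident(c) for c in cols),
        ", ".join(":" + c for c in cols),
    )
    with conn:  # commit on success, roll back on error
        cur = conn.execute(sql, row)
    return cur.lastrowid


def demo() -> list:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    # Constructed hostile-looking value: it is stored as data, not parsed as SQL.
    row = {"name": "x'); DROP TABLE users; --", "email": "a@example.com"}
    safe_insert(conn, "users", row)
    return conn.execute("SELECT name, email FROM users").fetchall()


if __name__ == "__main__":
    print(demo())
```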
