For example, if I write a function like:

    void CreateSQL_SetName(char* buffer, int size, const char* szName, const char* szCondition)
    {
        sqlite3_snprintf(size, buffer, "UPDATE my_table SET name='%s' WHERE %s", szName, szCondition);
    }

Does SQLite's 'sqlite3_snprintf()' process the strings 'szName' and 'szCondition' to verify they do not contain escape sequences that may inject other SQL statements into this statement?

Thanks!
John
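
The behaviour asked about can be observed directly; this is an added example, not part of the original post. It uses Python's sqlite3 module only to call SQLite's SQL printf() function, which applies the same %s and %q conversions as sqlite3_snprintf(), and compares both with a bound parameter. Assumptions: the id column, the two sample rows, the fixed "id=1" condition and SAMPLE_NAME are constructed for the demonstration.

```python
import sqlite3

# Constructed sample input: a name holding a quote and an SQL comment marker.
SAMPLE_NAME = "x' --"


def new_db():
    # Assumed schema: the post only names my_table and its name column.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE my_table (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO my_table VALUES (?, ?)",
                     [(1, "alice"), (2, "bob")])
    return conn


def names(conn):
    return [r[0] for r in conn.execute("SELECT name FROM my_table ORDER BY id")]


def sqlite_format(conn, fmt, value):
    # SQL printf() is SQLite's built-in formatter, so %s and %q behave
    # here as they do in sqlite3_snprintf().
    return conn.execute("SELECT printf(?, ?)", (fmt, value)).fetchone()[0]


def update_formatted(conv, name):
    """Build the UPDATE as text with conv ('%s' or '%q'), run it,
    and return (generated SQL, resulting names)."""
    conn = new_db()
    fmt = "UPDATE my_table SET name='" + conv + "' WHERE id=1"
    sql = sqlite_format(conn, fmt, name)
    conn.execute(sql)
    return sql, names(conn)


def update_bound(name):
    """Same update with the value bound as a parameter, never as SQL text."""
    conn = new_db()
    conn.execute("UPDATE my_table SET name=? WHERE id=1", (name,))
    return names(conn)


if __name__ == "__main__":
    for conv in ("%s", "%q"):
        sql, rows = update_formatted(conv, SAMPLE_NAME)
        print(conv, "->", sql, rows)
    print("bound ->", update_bound(SAMPLE_NAME))
```

With %s the value is copied verbatim and the WHERE clause is lost; %q doubles the quote so the value stays inside the string literal, and the bound parameter gives the same result without building SQL text. A whole condition fragment such as szCondition is SQL syntax rather than a value, so no conversion makes it safe; build the condition from fixed text with bound parameters instead.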