On 4/17/19, Jens Alfke <[email protected]> wrote: > The new sqlite3_value_frombind() function sounds intriguing ā "True if value > originated from a bound parameter > ā but Iām drawing a blank thinking of use cases for it. Optimizations? > Security? What was the rationale for adding it?
This facilities additional security measures. If a value comes from a bind, then (at least in most systems) that means it did not come from an SQL injection from an attacker, and hence the value is more trustworthy. -- D. Richard Hipp [email protected] _______________________________________________ sqlite-users mailing list [email protected] http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
