Keith Medcalf, on Friday, November 15, 2019 03:50 PM, wrote...
>
>
> How you would use bound parameters depends on what you are using to interface 
> with the sqlite3 database.
>
> https://www.sqlite.org/c3ref/bind_blob.html for the C interfaces.
>
> In something like python you would pass the bindings as a tuple to the 
> execute method of the cursor:
>
> cr.execute(sql, ('p0001', 5, '2014-02-23'))
>
> Basically it allows you to substitute values provided by your program into
> the sql statement rather than compose the sql statement dynamically,
> possibly leading to injection problems.

Thanks. I am going to read about it.  The D libraries that I am using have it.  I 
just never knew about it.  Thanks.


> https://xkcd.com/327/

Pretty funny stuff... thanks.

josé
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
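
An added example, not part of the original messages: the tuple-binding call from the quoted reply, run with Python's sqlite3 module next to the dynamically composed form it replaces. The orders table, its columns, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE orders (part TEXT, qty INTEGER, due TEXT)")
    con.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [("p0001", 5, "2014-02-23"), ("p0002", 9, "2014-03-01")],
    )
    return con

def find_composed(con, part):
    """Unsafe: the value is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT part, qty FROM orders WHERE part = '" + part + "'"
    return con.execute(sql).fetchall()

def find_bound(con, part):
    """Safe: the statement text is fixed; the value is bound as data."""
    return con.execute(
        "SELECT part, qty FROM orders WHERE part = ?", (part,)
    ).fetchall()

def insert_bound(con, part, qty, due):
    """Positional binding, the same shape as the tuple in the message."""
    con.execute("INSERT INTO orders VALUES (?, ?, ?)", (part, qty, due))

if __name__ == "__main__":
    con = make_db()
    hostile = "x' OR '1'='1"            # constructed input
    print(find_composed(con, hostile))  # the WHERE clause was rewritten
    print(find_bound(con, hostile))     # treated as a literal part name
    insert_bound(con, "o'brien", 1, "2014-04-01")
    print(find_bound(con, "o'brien"))   # a quote in the data is harmless
```

With binding, a quote character in the value never reaches the SQL parser, so the same statement handles both the hostile string and an ordinary name containing an apostrophe.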
