Stef Mientki <[EMAIL PROTECTED]> wrote:
Igor Tandetnik wrote:
You need to escape single quotes if you insist on putting string
literals directly into queries. No other characters need to be
escaped.

I have to translate double quotes too,
possibly because I'm using double quotes around text fields?
Is that wrong?

You should not be using double quotes around string literals in the first place. It is not valid SQL. SQLite allows it as an extension, but it might lead to unexpected results (if the string literal enclosed in double quotes just accidentally happens to be the same as a column name, it will be interpreted as a column reference). Just don't do it.

See also sqlite3_mprintf.

Where can I find that? (I looked in the SQL wiki, but couldn't find it.)

http://sqlite.org/capi3ref.html#sqlite3_mprintf

However, I recommend using parameterized queries and binding your
strings to parameters. Then you don't need to worry about escaping at
all.

Sorry, I don't know what "parameterized queries" and "binding strings to
parameters" are.

See sqlite3_bind*

Can you give me a link where I can find some more information?

http://sqlite.org/capi3ref.html

Igor Tandetnik
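An added example, not from the thread or from SQLite's own code, showing the three points above with Python's built-in sqlite3 module (its `?` placeholders do what sqlite3_prepare plus sqlite3_bind_text do in the C API): a bound value containing a single quote needs no escaping, a double-quoted "literal" that happens to match a column name is read as that column, and a literal inlined into the query text must have its single quotes doubled. The table, column name and rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the thread).
ROWS = [("alice",), ("bob",), ("O'Brien",)]

def make_db():
    """In-memory SQLite database with one table whose column is called name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT)")
    conn.executemany("INSERT INTO people (name) VALUES (?)", ROWS)
    return conn

def lookup_bound(conn, value):
    """Parameterized query: '?' is bound to the Python string, so the engine
    never parses the value as SQL and no quote escaping is needed
    (the C API equivalent is sqlite3_prepare + sqlite3_bind_text)."""
    cur = conn.execute("SELECT name FROM people WHERE name = ?", (value,))
    return [r[0] for r in cur.fetchall()]

def lookup_double_quoted(conn, value):
    """The 'double quotes around text fields' habit: when the double-quoted
    token equals a column name, SQLite reads it as that column, so
    name = "name" compares the column with itself and matches every row."""
    cur = conn.execute('SELECT name FROM people WHERE name = "%s"' % value)
    return [r[0] for r in cur.fetchall()]

def sql_quote(value):
    """Proper single-quoted SQL literal: double any embedded single quote,
    the one escape needed when literals are pasted into query text."""
    return "'" + value.replace("'", "''") + "'"

def lookup_inlined(conn, value, escape=True):
    """String-literal concatenation with or without the quote doubling;
    without it a value such as O'Brien breaks the statement."""
    literal = sql_quote(value) if escape else "'" + value + "'"
    cur = conn.execute("SELECT name FROM people WHERE name = " + literal)
    return [r[0] for r in cur.fetchall()]

if __name__ == "__main__":
    conn = make_db()
    print(lookup_bound(conn, "O'Brien"))         # ["O'Brien"]
    print(lookup_double_quoted(conn, "name"))    # all three rows
    print(lookup_inlined(conn, "O'Brien"))       # ["O'Brien"]
    try:
        lookup_inlined(conn, "O'Brien", escape=False)
    except sqlite3.OperationalError as e:
        print("unescaped literal failed:", e)
```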
