You really should be using an SQLite-specific quote function
somewhere.  But ... I don't see one in there (I'd have expected it to
be something like [db quote $arg]).  You could work around it by doing
something like [db eval {select quote($arg)}], but that feels clunky.

The quoting you're using will work fine for many cases, but is
subject to SQL injection attack.

-scott


On 10/5/07, Andy Goth <[EMAIL PROTECTED]> wrote:
> On Fri, 05 Oct 2007 15:20:41 +0000, drh wrote
> > "Andy Goth" <[EMAIL PROTECTED]> wrote:
> > > http://wiki.tcl.tk/2633
> >
> > I suggest you go ahead and write a short TCL procedure to
> > accomplish the same thing.
>
> Like this?
>
> proc sql_expand {varname} {
>    upvar 1 $varname var
>    set result [list]
>    foreach elem $var {
>       lappend result '[string map {' ''} $elem]'
>    }
>    return [join $result ,]
> }
>
> $ set x {1 2 3}
> $ db eval "insert into xyzdata values ([sql_expand x])"
> (expands to)
> $ db eval "insert into xyzdata values ('1','2','3')"
>
> Is there any problem with the spurious quotes around the values?  Will that
> interfere with integer primary key or anything like that?
>
> > There are deep technical reasons why this is very difficult
> > and unlikely to ever happen.
>
> I will spend some time familiarizing myself with the relevant bits of the
> SQLite sources to see why this is the case. :^)
>
> --
> Andy Goth
> <[EMAIL PROTECTED]>
>
>
> -----------------------------------------------------------------------------
> To unsubscribe, send email to [EMAIL PROTECTED]
> -----------------------------------------------------------------------------
>
>
