Lee Crain <[EMAIL PROTECTED]> wrote:
Why is it "highly recommended" to use the function call sequence you iterate in preference to the sqlite3_exe call, since it is implemented using that sequence?
1) It's usually easier to write a loop, than to break out the body of the loop into a separate callback function that can only communicate with the mainline by way of side effects.
2) It avoids unnecessary type conversions. The callback always gets the data as strings: sqlite3_column_* can get data in its original format (e.g. as integers).
3) sqlite3_exec doesn't support parameters (see sqlite3_param_*) which leads to excessive use of sprintf or similar, which in turn creates opportunities for SQL injection attacks.
Igor Tandetnik
----------------------------------------------------------------------------- To unsubscribe, send email to [EMAIL PROTECTED] -----------------------------------------------------------------------------
