On Oct 15, 2008, at 11:31 AM, Igor Tandetnik wrote:

> Alberto Tellaeche <[EMAIL PROTECTED]> wrote:
>> work perfectly well, but I am having a very annoying problem with
>> sqlite3_exec() function. The code just after the example above is:
>>
>>   memset(orden_SQL,0,200*sizeof(char));
>>   sprintf(orden_SQL,"update ALUMNO set nota=%0.1f where dni='%s';",nota,dni);
>>   res=sqlite3_exec(db,orden_SQL,0,0,&errorMsg);
>>   sqlite3_free(errorMsg);
>
> Examine orden_SQL after sprintf, check that it's as expected. For
> example, sprintf is locale sensitive: if your locale, say, uses comma
> for decimal separator rather than a period, the query would end up with
> something like "set nota=1,1". But SQLite expects to see a period for
> decimal separator.
>

You can avoid the locale problem by using sqlite3_snprintf() instead  
of sprintf().  sqlite3_snprintf() always uses "." for the radix point  
regardless of what locale says - for exactly the reason that Igor  
cites.  Also with sqlite3_snprintf() you can use %Q instead of '%s' to  
avoid SQL injection attacks.

D. Richard Hipp
[EMAIL PROTECTED]



_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
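
Added example, not part of the original messages: what the two format choices above produce for a dni value that contains a single quote. So that it builds without linking SQLite, quote_like_Q() is a hypothetical stand-in written here for the %Q rule (wrap in single quotes, double each embedded quote, NULL pointer becomes NULL), and the grade is printed from integer tenths so the locale cannot change the radix point; the helper names and the sample dni are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the %Q rule (written for this example, not SQLite's code).
   Returns 0 on success, -1 if out is too small. */
static int quote_like_Q(const char *in, char *out, size_t n)
{
    size_t o = 0;
    if (in == NULL) {                        /* %Q turns a NULL pointer into NULL */
        if (n < 5) return -1;
        memcpy(out, "NULL", 5);
        return 0;
    }
    if (n < 3) return -1;                    /* two quotes plus terminator */
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 2 : 1;
        if (o + need + 2 > n) return -1;     /* keep room for closing quote + NUL */
        if (*in == '\'') out[o++] = '\'';    /* double the embedded quote */
        out[o++] = *in;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Pattern from the quoted message: '%s' pastes dni in as-is, %f follows the locale. */
static int build_unsafe(char *sql, size_t n, double nota, const char *dni)
{
    int r = snprintf(sql, n, "update ALUMNO set nota=%0.1f where dni='%s';", nota, dni);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}

/* With SQLite linked this is one call:
   sqlite3_snprintf(n, sql, "update ALUMNO set nota=%0.1f where dni=%Q;", nota, dni); */
static int build_quoted(char *sql, size_t n, double nota, const char *dni)
{
    char q[128];
    long tenths = (long)(nota * 10.0 + 0.5); /* assumption: nota >= 0 */
    if (quote_like_Q(dni, q, sizeof q) != 0) return -1;
    int r = snprintf(sql, n, "update ALUMNO set nota=%ld.%ld where dni=%s;",
                     tenths / 10, tenths % 10, q);
    return (r < 0 || (size_t)r >= n) ? -1 : 0;
}

int main(void)
{
    char sql[200];
    const char *dni = "x' or '1'='1";        /* constructed sample input */
    if (build_unsafe(sql, sizeof sql, 7.5, dni) == 0) puts(sql);
    if (build_quoted(sql, sizeof sql, 7.5, dni) == 0) puts(sql);
    return 0;
}
```

In the first statement the where clause matches every row; in the second the whole input stays inside one string literal.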
