A.J.Millan wrote:
> Actually I have an application that regularly uses expressions as:
>
> char *zUserName = "My name";
> char *zSQL = sqlite3_mprintf ("INSERT INTO table VALUES('%q')", zUserName);

Why aren't you using bound parameters? It is far harder to do what you are doing above, less efficient and has the potential for SQL injection attacks (unless you remembered %q everywhere!)

These are the functions you need:

http://www.sqlite.org/c3ref/bind_blob.html

Roger
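
Added example, not part of the original thread: the contrast the reply draws between string-built SQL and bound parameters, shown with Python's standard `sqlite3` module, whose `?` placeholders are bound through the same `sqlite3_bind_*` interface linked above. The `users` table, the helper names and the sample values are assumptions made for this illustration.

```python
import sqlite3

# Constructed sample values: an ordinary name with an apostrophe, and a value
# that reads as a SQL expression if it is pasted into the statement text.
SAMPLES = ["O'Brien", "a' || 'b"]


def insert_unescaped(db, name):
    # String-built SQL at the one call site where %q was forgotten (plain %s).
    db.execute("INSERT INTO users VALUES('%s')" % name)


def insert_q_escaped(db, name):
    # What %q does in sqlite3_mprintf(): double every single quote in the value.
    db.execute("INSERT INTO users VALUES('%s')" % name.replace("'", "''"))


def insert_bound(db, name):
    # Bound parameter: the SQL text is constant and the value is attached
    # separately (sqlite3_bind_text() in the C API), so no escaping is needed.
    db.execute("INSERT INTO users VALUES(?)", (name,))


def stored_names(insert, name):
    """Run one insert in a fresh in-memory database and return what was stored."""
    db = sqlite3.connect(":memory:")
    try:
        db.execute("CREATE TABLE users(name TEXT)")
        try:
            insert(db, name)
        except sqlite3.Error as exc:
            # The value broke the statement text instead of being stored.
            return "error: " + type(exc).__name__
        return [row[0] for row in db.execute("SELECT name FROM users")]
    finally:
        db.close()


if __name__ == "__main__":
    for insert in (insert_unescaped, insert_q_escaped, insert_bound):
        for name in SAMPLES:
            print(insert.__name__, repr(name), "->", stored_names(insert, name))
```

Only the bound form is correct without relying on every call site remembering the escape; the unescaped form either fails to parse or stores a value the caller never supplied.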