Hi Kurt, The Link i copied is named .....#sqlite3_bind_blob, but points at 9 different functions to bind values of diferent types, especially sqlite3_bind_text.
Using Google, i found this page: http://www.adp-gmbh.ch/blog/2004/october/6.html, where the rationale behind binding is explained quite well. As for an example of binding values, I use a C++ wrapper, so I have no readable code where this can be seen. Sorry. The Link sent by Simon Davies points to an SQL function "quote", so you can use SQL Language (and not C) to create an sql statement text. Martin Kurt D. Knudsen wrote: > Hi Martin, > > Thanks for the prompt reply. It seems sqlite3_mprintf() is exactly what > I was looking for. I do have to ask, though, what is the benefit of > using the blob binding? I have my tables defined either using VARCHARs > or TEXTs. I've never used the BLOB type before and am unsure of the > benefits of it. > > I've tried looking up examples that show it being used in practice, but > I seem to get lost in convoluted examples that show advanced cases > implementing the functions to perform tasks that are way out of the > scope of my needs, and therefore confuse me. > > As for the person that replied with the QUOTE clause. I have no idea > how, or where, to use it. I'm a visual person and learn by seeing it > being done. Normally, I can figure things out on my own, but I'm truly > stumped. > > I think that the sqlite3_mprintf() should suffice, however. And thanks > again for the help. > > Kurt > > -----Original Message----- > From: sqlite-users-boun...@sqlite.org > [mailto:sqlite-users-boun...@sqlite.org] On Behalf Of Martin Engelschalk > Sent: Wednesday, December 16, 2009 11:02 AM > To: General Discussion of SQLite Database > Subject: Re: [sqlite] Escaping strings to be used in queries in C/C++ > > Hi, > > The function "sqlite3_mprintf" is what you look for. > see http://www.sqlite.org/capi3ref.html#sqlite3_mprintf > > Also, you might want to use bind variables instead of putting literals > into your SQL text. > see http://www.sqlite.org/capi3ref.html#sqlite3_bind_blob > > Martin > > Kurt D. Knudsen wrote: > >> Hi guys, >> >> I've been searching high and low for a solution to this, but haven't >> found anything that I fully understand. Right now, I'm inserting text >> into a database that contains single quotes and backslashes. Is there >> > a > >> function that will properly escape these characters so they will be >> inserted properly? >> >> For example: >> >> sprintf(query, "INSERT INTO db (file) VALUES ('John's >> > Document.txt');"); > >> Obviously, I can escape it manually, but when I'm reading files from a >> directory listing, I'd need a function to escape it properly. I see >> > that > >> there's some SQLite3 QUOTE or ESCAPE clause/function, but I can't find >> any information on it. >> >> Thanks, >> >> Kurt >> _______________________________________________ >> sqlite-users mailing list >> sqlite-users@sqlite.org >> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users >> >> >> > _______________________________________________ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users > > _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
