I am using a particular program which needs to be able to mess with an already-established database. It has to issue UPDATE and INSERT commands using one string for the entire command: no opportunity for binding. So it has to assemble commands by concatenation. In order to do this properly I need to know how to 'quote' a string to make it safe for inclusion in a command. In the following I am not worrying too much about BLOB fields: it would be nice if they worked but I can afford to ignore them if they're difficult.
SQLite uses single quotes for surrounding a string in a command. Single quotes inside the string should be doubled. I can do that. Is there anything else I need to worry about ? Return and newline characters ? Escape characters ? Double quotes ? Is there a simple, low-cost way I can use the QUOTE() function, or any other function provided internally to do this ? I don't want to have to simulate a fully SELECT command but if I can just call it as a string function that would be great. I assume it will do everything that's needed. Simon. _______________________________________________ sqlite-users mailing list [email protected] http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
