On 26 Nov 2011, at 4:00pm, Jean-Christophe Deschamps wrote:

>> So I make up for it by using an 'exec' which executes only the first
>> command, and by hashing the command so that tampering with it would make it
>> fail the hash.
>
> AFAIK sqlite3_exec will happily prepare and run more than one statement in a
> row. I use it all the time.

But several APIs offer ones which won't. For instance http://www.php.net/manual/en/sqlite3.query.php will only execute one command. So even if someone cracks my (fairly secure but not paranoid) system and does a 'little Bobby Tables' on me, the second command won't be executed.

>> I hadn't known [_exec] removal was even being considered.
>
> Not by the dev team AFAIK but the idea has been expressed several times that
> it was an obsolete, useless API we should get rid of.

Arghhhhhh ! I use _prepare for apps which do a lot of processing, but quite a lot of my SQLite use is on computers I personally control and in situations where _exec is as safe as anything.

Simon.
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
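
As an added illustration of the distinction discussed in this message (not code from the thread or from SQLite), the sketch below uses Python's sqlite3 module as a stand-in: `executescript()` runs every statement in a string, `execute()` accepts only one, and a bound parameter keeps the input as data. The table, helper names and input string are constructed for the example.

```python
import sqlite3

# Constructed input in the style of the 'little Bobby Tables' joke.
HOSTILE_NAME = "Robert'); DROP TABLE students; --"


def fresh_db():
    """In-memory database with one table and one row (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (name TEXT)")
    db.execute("INSERT INTO students (name) VALUES ('Alice')")
    return db


def table_exists(db):
    sql = "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='students'"
    return db.execute(sql).fetchone()[0] == 1


def concatenated_sql(name):
    # Deliberately unsafe string building, to show what each API does with it.
    return "INSERT INTO students (name) VALUES ('" + name + "');"


def run_multi_statement(name):
    """Multi-statement API: every statement in the string is run."""
    db = fresh_db()
    db.executescript(concatenated_sql(name))
    return table_exists(db)


def run_single_statement(name):
    """Single-statement API: a string holding two statements is refused."""
    db = fresh_db()
    try:
        db.execute(concatenated_sql(name))
        rejected = False
    except (sqlite3.Warning, sqlite3.ProgrammingError):  # type varies by version
        rejected = True
    return rejected, table_exists(db)


def run_bound_parameter(name):
    """Bound parameter: the input is stored as text, never parsed as SQL."""
    db = fresh_db()
    db.execute("INSERT INTO students (name) VALUES (?)", (name,))
    names = [r[0] for r in db.execute("SELECT name FROM students ORDER BY rowid")]
    return names, table_exists(db)
```

Only the bound-parameter variant both keeps the table and stores the name; the single-statement call protects the table only by failing the whole query.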