On Mon, May 14, 2012 at 9:49 AM, Baruch Burstein <bmburst...@gmail.com>wrote:
> Are text parameters bound with sqlite3_bind_text automatically escaped and > quoted, just escaped, just quoted, or neither? > Both. And neither. The content of the parameter is not modified in any way. It is copied directly into the database file, byte for byte. This has the same effect as if the parameter had been both escaped and quoted and inserted into the SQL and then parsed, but is much faster since no conversions take place. > > -- > Programming today is a race between software engineers striving to build > bigger and better idiot-proof programs, and the Universe trying to produce > bigger and better idiots. So far, the Universe is winning. - Rich Cook > _______________________________________________ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users > -- D. Richard Hipp d...@sqlite.org _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users