On Thu, Sep 6, 2012 at 7:52 AM, Black, Michael (IS) <michael.bla...@ngc.com>wrote:
> And, when you have problems, you should always examine your SQL by running > the EXACT same string you generate in your program through the sqlite3 > shell. This will help you to figure out if your SQL is wrong or your C++ > is wrong. > > For example even just your SELECT portion generates the wrong SQL. > > You end up with this (I'm already assuming you get rid of the your last += > of " (n_id,..." as you don't need it for a SELECT statement as already > pointed out. > > SELECT fname FROM table WHERE title = token > And what you want is > SELECT fname FROM table WHERE title = 'token' > So you need to add a single quote on both sides of adding your token. > apstr += "'"; > Bad idea. See SQL Injection Attack<http://en.wikipedia.org/wiki/SQL_injection>for a detailed explanation of why this is so bad. A far better approach is to use query parameters with sqlite3_bind_xxxx(). Or, failing that, to use sqlite3_mprintf() with the %q or %Q substitutions. > > > Michael D. Black > Senior Scientist > Advanced Analytics Directorate > Advanced GEOINT Solutions Operating Unit > Northrop Grumman Information Systems > > ________________________________________ > From: sqlite-users-boun...@sqlite.org [sqlite-users-boun...@sqlite.org] > on behalf of Baruch Burstein [bmburst...@gmail.com] > Sent: Thursday, September 06, 2012 3:45 AM > To: General Discussion of SQLite Database > Subject: EXT :Re: [sqlite] C++ - WHERE clause > > VALUES is used for INSERTing into a table, not for SELECTing. This is not > valid SQL (I would help you fix it, but I can't figure out what you were > trying to achieve.) > Here is a great reference: http://sqlite.org/lang_select.html > > On Thu, Sep 6, 2012 at 11:18 AM, Arbol One <arbol...@gmail.com> wrote: > > > As many of you know, I am trying to learn SQL using C++. > > > > Below is an error I get when I try using the C++ example below it. > > > > > > > > Error Code: 1 > > > > Error Message: near "VALUES": syntax error > > > > -------------------------------------------- > > > > > > > > Glib::ustring apstr; > > > > Glib::ustring sName; > > > > int apint; > > > > mySQLite3* db; > > > > try { > > > > db = new mySQLite3(db_name.c_str()); > > > > } catch(somexception& e) { > > > > //do something > > > > } > > > > > > > > // SQL statement > > > > apstr = "SELECT fname FROM "; > > > > apstr += this->db_table_name; > > > > apstr += " WHERE title = "; > > > > apstr += token; > > > > apstr += " (n_id, title, fname, mname, lname) VALUES (?, ?, ?, ?, > ?)"; > > // here is where the problem is see the method below > > > > apint = 1; > > > > db->setStmt(apstr); > > > > sName = db->read_str(apint); > > > > > > > > -------------------------------------------- > > > > const Glib::ustring& mySQLite3::read_str(const int pos) > > > > throw(jme::Exception) { > > > > > > > > rc = sqlite3_prepare_v2(db, this->SQLStatement.c_str(), -1, &mystmt, > > NULL); > > > > if(rc != SQLITE_OK) { > > > > // do something > > > > } > > > > rc = sqlite3_step(mystmt); > > > > if(rc == SQLITE_ROW ) { > > > > apstr = (const char*)sqlite3_column_text(mystmt,pos); > > > > } > > > > try { > > > > this->finalize(); > > > > } catch(somexception& e) { > > > > throw e; > > > > } > > > > return apstr; > > > > } > > > > What am I doing wrong? > > > > > > > > > > > > _______________________________________________ > > sqlite-users mailing list > > sqlite-users@sqlite.org > > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users > > > > > > -- > ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı > _______________________________________________ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users > -- D. Richard Hipp d...@sqlite.org _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
