On Thu, Nov 14, 2013 at 7:58 AM, L. Wood <lwoo...@live.com> wrote: > Suppose I have a table with one text column. I insert like this: > > INSERT INTO my_table (col1) VALUES ('arbitrary UTF-8 string'); > > * Isn't it true that the string must indeed be surrounded by single quotes > as I do above? > * Isn't it true that I have to replace all occurrences of ' in the > original string with '' (to escape each single quote)? > * Do I have to do anything else at all? >
It is safer and faster to use the sqlite3_bind_text() interface. First prepare your statement like this: INSERT INTO my_table(col1) VALUES(?1); Then run: sqlite3_bind_text(pStmt, 1, zYourString, -1, SQLITE_TRANSIENT); Then run your statement: sqlite3_step(pStmt); Further information: http://www.sqlite.org/c3ref/bind_blob.html -- D. Richard Hipp d...@sqlite.org _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users