On 1/14/2014 8:10 AM, sqliteuser0000 wrote:
What is the proper way to bind a string to a LIKE statement?

The same way you bind any other string parameter. The fact that the parameter happens to be used as an operand of a LIKE operator is irrelevant.

std::string qry = "SELECT name "
                       " FROM Person "
                       " WHERE name LIKE ? ";

sqlite3_prepare_v2 (...)

sqlite3_bind_text(stmt, 1, qry.c_str(), -1, 0);

You are binding the text of the query as a parameter to that same query. The query you are effectively executing looks like this:

select name from Person where name LIKE 'select name from Person where name LIKE ?';

Is that really what you meant to do? I would hate to be a person whose name matches that pattern (little Bobby Tables, we call him: http://xkcd.com/327/).
--
Igor Tandetnik
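
Added example, not part of the original post: the reply's point shown with Python's built-in sqlite3 module instead of the C API, so it runs without a build step. The bound value is the LIKE pattern, never the SQL text. The escape_like helper, the ESCAPE clause and the sample rows are assumptions that go beyond the post, covering user input that contains a literal % or _.

```python
import sqlite3

# The SQL text holds only the placeholder; the pattern travels as a bound value.
# ESCAPE '\' lets a bound pattern carry literal % and _ characters.
QUERY = "SELECT name FROM Person WHERE name LIKE ? ESCAPE '\\' ORDER BY name"


def escape_like(text, esc="\\"):
    """Escape LIKE metacharacters so user-supplied text matches literally."""
    return (text.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Person (name TEXT)")
    db.executemany(
        "INSERT INTO Person VALUES (?)",
        [("Robert",), ("Roberta",), ("Rob_ert",), ("Alice",), ("100% Bob",)],
    )
    return db


def find(db, pattern):
    """Run the LIKE query with `pattern` bound to the single placeholder."""
    return [row[0] for row in db.execute(QUERY, (pattern,))]


def find_prefix(db, user_text):
    """Prefix search: escape the user's text, then append the wildcard."""
    return find(db, escape_like(user_text) + "%")


if __name__ == "__main__":
    db = make_db()
    print(find(db, "Rob%"))                  # wildcard is part of the bound value
    print(find(db, QUERY))                   # the mistake from the post: no rows
    print(find(db, "Rob_%"))                 # unescaped _ matches any character
    print(find_prefix(db, "Rob_"))           # escaped _ matches only a literal _
    print(find(db, "x' OR '1'='1"))          # quotes in a bound value stay data
```
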
