> SQL commands do not need to be on multiple lines (they only need a > semicolon after each command). > But dot commands do.
Good to know > Have you tried the following? > (ECHO .bail on > ECHO %multiple commands%) | sqlite3.exe %dbname% This could be solution, thanks > But, much more importantly (particularly since you included BEGINNER in big > letters in your subject line): are you protecting your DB against SQL > injection attacks? I imagine this would be rather hard to do from a script, > unless you have already sanitized data coming in. Never heard about this. Thinked about this a bit, but have no idea how it could menace my CGI application. But as far I am a beginner, expecting it could be a menace but rely on Security by obscurity. Some time a go, when I start writing CGI powered by windows shell scripts, I have serched (almost whole) internet for some examples or informations, but I found nothing..... That means I am lonely with this technique ;-) No hacker will study such weird technique to intrude only one system on whole internet ;-) L. > On 7 September 2015 at 18:53, Simon Slavin <slavins at bigfraud.org> wrote: >> On 7 Sep 2015, at 8:00am, Petr L?z?ovsk? <lazna at volny.cz> wrote: >> > Uhgh.... Spent lot of time to made whole scripts bundle to use no >> tempfiles (avoiding I/Os), and not this ;-) >> > OK, few more questions: >> > >> > Does sqlite3 expect exactly one statement per one line on input? >> > Or put it into command line? sqlite3.exe %db% "%multiline_statement%" >> (have seriuos doubts about this solution) >> > Or this? echo "%multiline_statement%"|sqlite3.exe %db% >> I can tell you if this works on the Macintosh version but this may not >> necessarily mean it works on the version for your operating system. >> If not, create a text file with the commands in then feed it the text >> file. The command could look like >> sqlite3 %db% < theCommands.txt >> I think the structure you used above ... >> Unix/Linux: >> cat theCommands.txt | sqlite3.exe %db% >> Windows: >> type theCommands.txt | sqlite3.exe %db% >> will also work. >> You may find it useful to figure out a way of generating a filename which >> will never be repeated. When I try to do this I usually end up with >> something which relates to the current time. >> Simon. >> _______________________________________________ >> sqlite-users mailing list >> sqlite-users at mailinglists.sqlite.org >> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ > sqlite-users mailing list > sqlite-users at mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
