> -----Original Message-----
> From: Yuriy Martsynovskyy [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 13, 2007 11:45 AM
> To: sqlite-users@sqlite.org
> Subject: Re: [sqlite] passing C variable in query
> 
> Hi Nishit,
> 
> > can anyone tell me the syntax of passing a C variable in a query.
> > i have taken a variable as float hd= 2000.0;
> > how it'll be passed in a query and what'll be the syntax of that query.
> 
> First use sprintf () to insert your variable into SQL code. Then
> execute the resulting SQL

That's just about tolerable for numeric values, but in general this is
the road to SQL injection attacks and other related bugs; prefer the
prepared statement APIs and bind values to placeholders.

-- James
