I do need to add that the docs say the create_function must be done in the same thread as the defined funtion is running. So if you're mutli-threaded it won't work unless each thread defines it (still doable though). Michael D. Black Senior Scientist Northrop Grumman Mission Systems
________________________________ From: sqlite-users-boun...@sqlite.org on behalf of Black, Michael (IS) Sent: Wed 5/19/2010 2:49 PM To: General Discussion of SQLite Database Subject: Re: [sqlite] SQLite file Validation When you say "create a function" -- sure you can write your own program that would do that -- but it sounds like you want something to intercept all the calls, yes? You could create an insert or update trigger. Then write your own cleanup sqlite function to stick in the trigger. Shouldn't be hard to do at all. http://www.sqlite.org/capi3ref.html#sqlite3_create_function Michael D. Black Senior Scientist Northrop Grumman Mission Systems ________________________________ From: sqlite-users-boun...@sqlite.org on behalf of seandakid Sent: Wed 5/19/2010 2:24 PM To: sqlite-users@sqlite.org Subject: [sqlite] SQLite file Validation Hi all, Total noob question for you guys: Background: I have a project where there are many components touching different SQLite dbs. Devs were told to make sure they are validating their sql statements, but as I have seen in the code, few of them have. On some components they have used the BIND statement, which will help. We are dealing with media file inputs mostly on this project, so people might have files named "Michael Jackson; Beat it; Thriller" or something like that. My concern is possible sql injections throughout the different code. We are on a tight deadline and we are unable to get back and recode a bunch of components. Question: Do you think that instead of getting them go back throughout their code, it is feasible to create a function that just eliminates the ; and replaces it with a ,? And if so, any suggested code? Thanks so much for your time. -Steve -- View this message in context: http://old.nabble.com/SQLite-file-Validation-tp28612927p28612927.html Sent from the SQLite mailing list archive at Nabble.com. _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users