
Re: [sqlite] Looking for a w_char alternative to the sqlite3_mprintf family: msg#00863

sqlite-users

Subject: Re: [sqlite] Looking for a w_char alternative to the sqlite3_mprintf family of functions


A.J.Millan wrote:
> Actually I have an application that regularly uses expressions as:
>
> char *zUserName = "My name";
> char *zSQL = sqlite3_mprintf ("INSERT INTO table VALUES('%q')", zUserName);

Why aren't you using bound parameters? It is far harder to do what you are
doing above, less efficient and has the potential for SQL injection attacks
(unless you remembered %q everywhere!)

These are the functions you need:

http://www.sqlite.org/c3ref/bind_blob.html

Roger
