Re: [sqlite] Exec vs Prepare, step, finalize.

2016-08-11 Thread Michael Falconer
11 Aug 2016 15:53:39 +1000 >> > To: sqlite-users@mailinglists.sqlite.org >> > Subject: Re: [sqlite] Exec vs Prepare, step, finalize. >> > >> > I have a self styled routine (similar to the glibc manual example) for >> > concatenating the strings val

Re: [sqlite] Exec vs Prepare, step, finalize.

2016-08-11 Thread Michael Falconer
> > Date: Thu, 11 Aug 2016 15:53:39 +1000 > > To: sqlite-users@mailinglists.sqlite.org > > Subject: Re: [sqlite] Exec vs Prepare, step, finalize. > > > > I have a self styled routine (similar to the glibc manual example) for > > concatenating the strings values th

Re: [sqlite] Exec vs Prepare, step, finalize.

2016-08-11 Thread Quan Yong Zhai
> From: michael.j.falco...@gmail.com > Date: Thu, 11 Aug 2016 15:53:39 +1000 > To: sqlite-users@mailinglists.sqlite.org > Subject: Re: [sqlite] Exec vs Prepare, step, finalize. > > I have a self styled routine (similar to the glibc manual example) for > concatenating the str

Re: [sqlite] Exec vs Prepare, step, finalize.

2016-08-11 Thread Jay Kreibich
On Aug 11, 2016, at 12:53 AM, Michael Falconer wrote: > Thanks Jay, > > excellent response. I'll ask for clarity on one statement though. > > That’s the basic theory, but even knowing that, most people get it wrong. >> In short, if you’re using string

Re: [sqlite] Exec vs Prepare, step, finalize.

2016-08-11 Thread Keith Medcalf
, 2016 23:54 > To: SQLite mailing list > Subject: Re: [sqlite] Exec vs Prepare, step, finalize. > > Thanks Jay, > > excellent response. I'll ask for clarity on one statement though. > > That’s the basic theory, but even knowing that, most people get it wrong. > > In

Re: [sqlite] Exec vs Prepare, step, finalize.

2016-08-11 Thread Simon Slavin
On 11 Aug 2016, at 5:32am, Jay Kreibich wrote: > In short, if you’re using string manipulation functions to build your query > string, you’re very very very very likely doing it wrong. There are situations where it's the best (possibly only) way, though. If you want to offer

Re: [sqlite] Exec vs Prepare, step, finalize.

2016-08-11 Thread Clemens Ladisch
Michael Falconer wrote: > So what exactly is the issue with the string building if it does not > include sql derived from user input? That somebody will change the code later, or use it as a template. Regards, Clemens

Re: [sqlite] Exec vs Prepare, step, finalize.

2016-08-11 Thread Stephan Beal
On Thu, Aug 11, 2016 at 7:53 AM, Michael Falconer < michael.j.falco...@gmail.com> wrote: > Thanks Jay, > > excellent response. I'll ask for clarity on one statement though. > > That’s the basic theory, but even knowing that, most people get it wrong. > > In short, if you’re using string

Re: [sqlite] Exec vs Prepare, step, finalize.

2016-08-10 Thread Michael Falconer
Thanks Jay, excellent response. I'll ask for clarity on one statement though. That’s the basic theory, but even knowing that, most people get it wrong. > In short, if you’re using string manipulation functions to build your query > string, you’re very very very very likely doing it wrong. > I

Re: [sqlite] Exec vs Prepare, step, finalize.

2016-08-10 Thread Jay Kreibich
On Aug 10, 2016, at 9:21 PM, Michael Falconer wrote: > Hi all, > > just seeking some opinions, and perhaps some dev indications about > deprecation, in relation to the sqlite3_exec facility. I kind of like the > callback functionality in certain cases as it is