-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/09/2010 09:24 AM, Kavita Raghunathan wrote: > 1. Is this an issue for storing in database ? If strcpy is used anywhere, > it would be a problem
SQLite quite happily stores/retrieves null bytes in strings. It is part of my test suite. If you use the SQLite API correctly then it is fine. (ie *you* must not use strcpy etc). Some of the SQL level functions will however stop at the first null such as string concatenation or replace. Note however that strings are to store Unicode strings, encoded as UTF-8 or UTF-16 depending on the API flavour you use. Do not save binary data into a string. > 2. I’m using sprintf to generate the SQL statement as shown below. As others have pointed out this is a really bad idea as it allows for SQL injection bugs and attacks. Roger -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkw3WAcACgkQmOOfHg372QSNigCgpxjYX4Rktm7qePeZB/bKrZHs tHkAoOIvWAhNMFjI5P8F5sy7ZuXfZkD2 =T/px -----END PGP SIGNATURE----- _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
