Try instead of "SELECT * FROM table WHERE name LIKE ?" as your sql query,
"SELECT * FROM table WHERE name LIKE :comparison"
Thomas Zangl wrote:
Vitali Lovich wrote:
Regarding your code snippet:
// SQL Statement is: "SELECT * FROM table WHERE name LIKE ?"
search = '%test%';
On 11/30/06, Thomas Zangl <[EMAIL PROTECTED]> wrote:
char* sql_parameter_search = '%test%'
This is not valid C. If you want help with your code, paste EXACTLY
what you're using please!
Vitali Lovich wrote:
Regarding your code snippet:
// SQL Statement is: "SELECT * FROM table WHERE name LIKE ?"
search = '%test%';
sqlite3_bind_text(prepared_statement, 0,search , search , SQLITE_STATIC);
First I'm not sure what language you're using - it seems Perl-like.
Anyways, the
Regarding your code snippet:
// SQL Statement is: "SELECT * FROM table WHERE name LIKE ?"
search = '%test%';
sqlite3_bind_text(prepared_statement, 0,search , search , SQLITE_STATIC);
First I'm not sure what language you're using - it seems Perl-like.
Anyways, the documentation for
Igor Tandetnik wrote:
Hi!
Compare with this program:
string userInput;
string sql = "update UserPrefs set innocuousPref=? where userid=123;";
sqlite3_stmt* stmt;
sqlite3_prepare(db, sql.c_str(), -1, &stmt, 0);
sqlite3_bind_text(stmt, 1, userInput.c_str(), -1, SQLITE_STATIC);
sqlite3_step(stmt);
Thomas Zangl <[EMAIL PROTECTED]> wrote:
I am currently in doubt if the usage of sqlite3_prepare(...) makes my
application safer.
It is usually recommended to prepare a SQL statement before using it.
In my case, I have no need to re-use them so a simple sqlite3_exec
would be sufficient. On the
6 matches