> -Original Message-
> From: Yuriy Martsynovskyy [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 13, 2007 11:45 AM
> To: sqlite-users@sqlite.org
> Subject: Re: [sqlite] passing C variable in query
>
> Hi Nishit,
>
> > can anyone tell me the syntax of passing a C variable in a query.
> > i have taken a variable as float hd= 2000.0;
> > how it'll be passed in a query and what'll be the syntax of that query.
>
> First use sprintf () to insert your variable into SQL code. Then
> execute the resulting SQL
That's just about tolerable for numeric values, but in general this is
the road to SQL injection attacks and other related bugs; prefer the
prepared statement APIs and bind values to placeholders.
-- James
-
To unsubscribe, send email to [EMAIL PROTECTED]
-