> -Original Message-
> From: Yuriy Martsynovskyy [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 13, 2007 11:45 AM
> To: email@example.com
> Subject: Re: [sqlite] passing C variable in query
> Hi Nishit,
> > Can anyone tell me the syntax of passing a C variable in a query?
> > I have taken a variable as float hd = 2000.0;
> > How will it be passed in a query, and what will be the syntax of that?
> First use sprintf() to insert your variable into SQL code. Then
> execute the resulting SQL.
That's just about tolerable for numeric values, but in general this is
the road to SQL injection attacks and other related bugs; prefer the
prepared statement APIs and bind values to placeholders.