Re: [sqlite] How safe is sqlite3_prepare compared to sqlite3_exec?

2006-11-30 Thread John Stanton
As Igor very astutely pointed out, the other very strong benefit of this approach is that you always bind to a compiled SQL statement and quarantine your application from the possibility of having a malicious SQL attack. You win on all counts. John Stanton wrote: Sqlite3_exec is merely a

Re: [sqlite] How safe is sqlite3_prepare compared to sqlite3_exec?

2006-11-30 Thread John Stanton
Sqlite3_exec is merely a wrapper around sqlite3_prepare. The name on sqlite3_prepare is a little misleading. It is actually sqlite3_compile and compiles your SQL into an internal metacode and applies syntax rules. Incorrect SQL will fail on sqlite3_prepare and you can make your program more
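An added illustration of the point made in both of John Stanton's messages above (compile the statement once, then bind the value so it can only ever be data); this is example code written for this page, not from the thread. It uses Python's standard sqlite3 module, which calls sqlite3_prepare and sqlite3_bind_* under the hood for `?` placeholders; the table and rows are constructed.

```python
import sqlite3

# Constructed sample data, not taken from the mailing list.
ROWS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """In-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def lookup_concat(conn, name):
    """sqlite3_exec style: the SQL text itself is built from the input,
    so whatever the caller passes is parsed as part of the statement."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, name):
    """sqlite3_prepare + sqlite3_bind style: the statement is compiled with a
    '?' placeholder and the value is supplied separately, so the input is
    always compared as a string and never re-parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def compiles(conn, sql):
    """Mirrors the other point in the thread: malformed SQL is rejected when
    the statement is compiled (prepared), before any row is touched."""
    try:
        conn.execute(sql)
        return True
    except sqlite3.OperationalError:
        return False


if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, "alice"), lookup_bound(db, "alice"))
    # Input containing a quote: concatenation changes the WHERE clause,
    # binding just looks for a user literally named that.
    odd = "x' OR '1'='1"
    print(lookup_concat(db, odd), lookup_bound(db, odd))
    print(compiles(db, "SELEC name FROM users"))
```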

Re: [sqlite] How safe is sqlite3_prepare compared to sqlite3_exec?

2006-11-30 Thread drh
Thomas Zangl <[EMAIL PROTECTED]> wrote:
> I am quite sure that my version is safe

Famous last words. :-)

-- D. Richard Hipp <[EMAIL PROTECTED]>

[sqlite] How safe is sqlite3_prepare compared to sqlite3_exec?

2006-11-30 Thread Thomas Zangl
Dear List! I am currently in doubt if the usage of sqlite3_prepare(...) makes my application safer. It is usually recommended to prepare a SQL statement before using it. In my case, I have no need to re-use them so a simple sqlite3_exec would be sufficient. On the other side I have been