Re: [sqlite] SQL prepare statement - help

2017-09-14 Thread Jens Alfke
> On Sep 14, 2017, at 11:10 AM, Warren Young wrote:
>
> You probably just wrote a SQL injection vulnerability.
> Use prepared statements, [named] parameters, and the “bind” functions to
> build the query string instead.

Yeah, you're right. I was trying to keep the example as simple as possibl

Re: [sqlite] SQL prepare statement - help

2017-09-14 Thread Warren Young
On Sep 14, 2017, at 10:27 AM, Jens Alfke wrote:
>
> s << "INSERT INTO " << table_name << " (" << data;

You probably just wrote a SQL injection vulnerability. Use prepared statements, [named] parameters, and the “bind” functions to build the query string instead. https://sqlite.org/c

Re: [sqlite] SQL prepare statement - help

2017-09-14 Thread Jens Alfke
> On Sep 14, 2017, at 8:19 AM, Igor Tandetnik wrote:
>
> I'm pretty sure this calls string::operator+=(char), appending to the string
> a character whose ASCII code happens to be char(data). Which is unlikely to
> be what you had in mind. I suspect you get a warning from the compiler on
> th

Re: [sqlite] SQL prepare statement - help

2017-09-14 Thread Igor Tandetnik
On 9/13/2017 9:20 PM, Papa wrote:

void write(const std::string& table_name, const int pos, const int64_t data) {
    ...
    std::string apstr = "INSERT INTO (";
    apstr += table_name.data();
    apstr += ", ";
    apstr += data;

I'm pretty sure this calls string::operator+=(char), appen

Re: [sqlite] SQL prepare statement - help

2017-09-13 Thread R Smith
On 2017/09/14 3:20 AM, Papa wrote:

I think the problem with this function is my lack of good understanding of the SQL. What I intend to do is to write one int64_t to the database, but I don't know how to write the proper sql statement, making sqlite3_prepare_v2 return a non SQLITE_OK value.

[sqlite] SQL prepare statement - help

2017-09-13 Thread Papa
I think the problem with this function is my lack of good understanding of the SQL. What I intend to do is to write one int64_t to the database, but I don't know how to write the proper sql statement, making sqlite3_prepare_v2 return a non SQLITE_OK value. Any help is much appreciated.

void wr