Re: [sqlite] sqlite2 api question - updates
> I couldn't get parameters to work at all. I assume they're just not implemented > in 2.x sqlite. Prepared statements are implemented in SQLite 2.8.x. See sqlite.h for exact API and how to use it. Its very similar to SQLite3 API. Something along the lines of sqlite_compile/sqlite_bind/sqlite_step/sqlite_reset/sqlite_finalize. IIRC comments in sqlite.h are only docs for that API. wow. Imagine that. Documentation in the source! ;)
Re: [sqlite] sqlite2 api question - updates
On 5/16/06, Jay Sprenkle <[EMAIL PROTECTED]> wrote: I couldn't get parameters to work at all. I assume they're just not implemented in 2.x sqlite. Prepared statements are implemented in SQLite 2.8.x. See sqlite.h for exact API and how to use it. Its very similar to SQLite3 API. Something along the lines of sqlite_compile/sqlite_bind/sqlite_step/sqlite_reset/sqlite_finalize. IIRC comments in sqlite.h are only docs for that API. -- Nemanja Corlija <[EMAIL PROTECTED]>
Re: [sqlite] sqlite2 api question - updates
On 5/16/06, Craig Morrison <[EMAIL PROTECTED]> wrote: All it does is slurp input, concatenate it into one long string and then feed it to sqlite_exec(..). So it seems in theory the normal escaping mechanisms should work. It must be operator head space on my part... Thanks for looking though
Re: [sqlite] sqlite2 api question - updates
Jay Sprenkle wrote: > If version 2 does not support parameters what's the correct way to escape > the data? > I don't know about parameters, but here is one way: char *pszStatement; #define STATEMENT "UPDATE question SET qtext = '%q' WHERE qnumber=%d;" pszStatement = sqlite_mprintf(STATEMENT, qtext, qnumber); sqlite_exec_printf(..); can also be used similarly.. Thanks Craig :) I got it working finally. It does escape correctly if you use sqlite_step() but I had problems using sqlite.exe and .READ. I couldn't get parameters to work at all. I assume they're just not implemented in 2.x sqlite. Interesting.. I decided to take a little break from my project and look at shell.c (I currently use 2.8.13) to see what it does to process file input. Answer: Nothing much. :-) All it does is slurp input, concatenate it into one long string and then feed it to sqlite_exec(..). So it seems in theory the normal escaping mechanisms should work. -- Craig Morrison =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= http://pse.2cah.com Controlling pseudoephedrine purchases. http://www.mtsprofessional.com/ A Win32 email server that works for You.
Re: [sqlite] sqlite2 api question - updates
On 5/16/06, Craig Morrison <[EMAIL PROTECTED]> wrote: Jay Sprenkle wrote: > I'm trying to write a program using sqlite2.8. > > I've tried using the following sql from the command line tool and it > does not escape > the data correctly: >update question set qtext = 'this shouldn''t fail' where qnumber=1; > The escaped single quote is replaced by garbage. > > I've tried writing a c program but the api documentation is not clear. > Should you build the sql this way: > update question set qtext = ? where qnumber=1; > Then set the column data parameter (pazValue) to point to the text to > use for qtext? > When I do this I get updates to NULL. > > If version 2 does not support parameters what's the correct way to escape > the data? > I don't know about parameters, but here is one way: char *pszStatement; #define STATEMENT "UPDATE question SET qtext = '%q' WHERE qnumber=%d;" pszStatement = sqlite_mprintf(STATEMENT, qtext, qnumber); sqlite_exec_printf(..); can also be used similarly.. Thanks Craig :) I got it working finally. It does escape correctly if you use sqlite_step() but I had problems using sqlite.exe and .READ. I couldn't get parameters to work at all. I assume they're just not implemented in 2.x sqlite.
Re: [sqlite] sqlite2 api question - updates
Jay Sprenkle wrote: I'm trying to write a program using sqlite2.8. I've tried using the following sql from the command line tool and it does not escape the data correctly: update question set qtext = 'this shouldn''t fail' where qnumber=1; The escaped single quote is replaced by garbage. I've tried writing a c program but the api documentation is not clear. Should you build the sql this way: update question set qtext = ? where qnumber=1; Then set the column data parameter (pazValue) to point to the text to use for qtext? When I do this I get updates to NULL. If version 2 does not support parameters what's the correct way to escape the data? I don't know about parameters, but here is one way: char *pszStatement; #define STATEMENT "UPDATE question SET qtext = '%q' WHERE qnumber=%d;" pszStatement = sqlite_mprintf(STATEMENT, qtext, qnumber); sqlite_exec_printf(..); can also be used similarly.. -- Craig Morrison =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= http://pse.2cah.com Controlling pseudoephedrine purchases. http://www.mtsprofessional.com/ A Win32 email server that works for You.
[sqlite] sqlite2 api question - updates
I'm trying to write a program using sqlite2.8. I've tried using the following sql from the command line tool and it does not escape the data correctly: update question set qtext = 'this shouldn''t fail' where qnumber=1; The escaped single quote is replaced by garbage. I've tried writing a c program but the api documentation is not clear. Should you build the sql this way: update question set qtext = ? where qnumber=1; Then set the column data parameter (pazValue) to point to the text to use for qtext? When I do this I get updates to NULL. If version 2 does not support parameters what's the correct way to escape the data?
