RE: [sqlite] passing C variable in query

2007-09-13 Thread James Dennett
> -----Original Message-----
> From: Yuriy Martsynovskyy [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 13, 2007 11:45 AM
> To: sqlite-users@sqlite.org
> Subject: Re: [sqlite] passing C variable in query
> 
> Hi Nishit,
> 
> > can anyone tell me the syntax of passing a C variable in a query.
> > i have taken a variable as float hd= 2000.0;
> > how it'll be passed in a query and what'll be the syntax of that query.
> 
> First use sprintf () to insert your variable into SQL code. Then
> execute the resulting SQL

That's just about tolerable for numeric values, but in general this is
the road to SQL injection attacks and other related bugs; prefer the
prepared statement APIs and bind values to placeholders.

-- James


-
To unsubscribe, send email to [EMAIL PROTECTED]
-



Re: [sqlite] passing C variable in query

2007-09-13 Thread Yuriy Martsynovskyy
Hi Nishit,

> can anyone tell me the syntax of passing a C variable in a query.
> i have taken a variable as float hd= 2000.0;
> how it'll be passed in a query and what'll be the syntax of that query.

First use sprintf () to insert your variable into SQL code. Then
execute the resulting SQL
