I am currently looking into parameterized queries.
Is it like this:
sqlite_prepare
sqlite_bind_*
sqlite_finalize
with the query like 'SELECT * FROM ? WHERE ? = ?'... But how can I know what I pass?
I mean with %d/%s/... it's rather obvious, but how do I know what I pass when I use those parameters...
And this project has been put aside for a while until I find a solution for this problem (it's the only thing keeping me from completing the program :p). But I still have other things to do ;-).
Thanks for any help!
At 21:35 1/11/2004, you wrote:
Steven Van Ingelgem said:
>
> Sorry but this has already been suggested by "Tiago Dionizio".
>
> I can use this, but then I have to create some kind of own printf-function
> which scans and so on and handles %q's (which is rather dumb in my opinion,
> as SQLite already incorporates it?).
>
>
> I think this is a va_* error but I am unable to determine the exact
> source...
Your issue then is less with SQLite and more with C++ programming. Your
error message might be showing up deep in the SQLite library, but the
problem occurs in your handling of the parameters. I would advise you not
to let your project get held up on the %Q issue, since the escaping you
need to do is pretty trivial. Also consider that SQLite 3 allows you to
use parameterized queries, which eliminates the need for the escaping
anyway.
--
Lazarus Notes from Lazarus Internet Development
http://www.lazarusid.com/notes/
Articles, Reviews and Commentary on web development
KaReL (aka Steven)
Main Webpage : http://www.karels0ft.be/
ICQ # : 35217584
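
An added example, not part of the original thread: it uses Python's `sqlite3` module, which drives the same prepare/bind/step/finalize cycle of SQLite 3, and the `people` table, its columns and the helper names are constructed for illustration. It shows that a parameter's type comes from the value handed to the bind step rather than from a format letter, that a quote inside a bound string stays data, and that `?` can stand only for a value, so a column name has to be checked against a fixed list instead.

```python
import sqlite3

ALLOWED_COLUMNS = {"name", "age"}  # hypothetical schema for this example


def open_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, age INTEGER)")
    db.executemany("INSERT INTO people VALUES (?, ?)",
                   [("O'Brien", 41), ("Alice", 30)])
    return db


def bound_types(db):
    """Report the storage class SQLite sees for each bound value."""
    return db.execute("SELECT typeof(?), typeof(?), typeof(?), typeof(?)",
                      (42, "42", 4.2, None)).fetchone()


def find_by(db, column, value):
    """Look up rows by one column: the value is bound, the column is checked."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unknown column: %r" % (column,))
    # Only an allow-listed identifier reaches the SQL text; the value never does.
    sql = "SELECT name, age FROM people WHERE %s = ?" % column
    return db.execute(sql, (value,)).fetchall()


def identifier_placeholder_fails(db):
    """A ? in place of a table name is rejected when the statement is prepared."""
    try:
        db.execute("SELECT * FROM ? WHERE name = ?", ("people", "Alice"))
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = open_db()
    print(bound_types(db))
    print(find_by(db, "name", "O'Brien"))
    print(find_by(db, "name", "x' OR '1'='1"))
    print(identifier_placeholder_fails(db))
```
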