> On 5 June 2018 at 18:19, Igor Korot <[email protected]> wrote:
> 
> My query is:
> 
> std::string query = "PRAGMA foreign_key_list( \"%w\" )";
> 
> Then I'm doing this:
> 
> char *y = sqlite3_mprintf( query.c_str(), tableName );
> res = sqlite3_prepare_v2( m_db, y, -1, &stmt, 0 );
> 
> and then the code follows.
> 
> So are you saying that this PRAGMA is not using the SELECT internally?

I haven't dug into this discussion thread in detail, but you could try:

std::string query = "SELECT * FROM pragma_foreign_key_list(?)";

You will then be able to bind the table name after prepare without using 
printf, which is good protection against code injection, depending on where 
your tableName value comes from, and will allow you to bind new table names and 
re-run without preparing the statement again.

-- 
Best Regards, Meilleures salutations, Met vriendelijke groeten,
Olivier Mascia


_______________________________________________
sqlite-users mailing list
[email protected]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
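
The bound-parameter form suggested in the reply above, as an added example that is not part of the original message. It uses Python's built-in sqlite3 module rather than the C API from the thread; the schema, the helper names and the hostile table name are constructed for illustration.

```python
import sqlite3

# Constructed sample schema (not from the original thread).
SCHEMA = """
CREATE TABLE author(id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE book(
    id INTEGER PRIMARY KEY,
    author_id INTEGER REFERENCES author(id) ON DELETE CASCADE
);
CREATE TABLE review(
    id INTEGER PRIMARY KEY,
    book_id INTEGER REFERENCES book(id)
);
"""

# Table-valued form of the pragma: the table name is a bound parameter,
# so it is never spliced into the SQL text.
FK_QUERY = ('SELECT "table", "from", "to", on_delete '
            'FROM pragma_foreign_key_list(?)')

# Constructed hostile input: a name that tries to close the call and add SQL.
HOSTILE_NAME = 'book"); DROP TABLE book; --'


def open_sample_db():
    """Create an in-memory database holding the constructed schema."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def foreign_keys(db, table_name):
    """Return (parent_table, child_column, parent_column, on_delete) rows."""
    return db.execute(FK_QUERY, (table_name,)).fetchall()


def table_names(db):
    """List user tables, to confirm nothing was dropped or created."""
    rows = db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = open_sample_db()
    # Same SQL text for every lookup; only the bound value changes.
    for name in ("book", "review", "author", HOSTILE_NAME):
        print(repr(name), "->", foreign_keys(db, name))
    print("tables:", table_names(db))
```

The hostile name is looked up as a literal table name, matches nothing and returns no rows, and the schema is unchanged afterwards.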