On Fri, Nov 30, 2018 at 2:44 PM Richard Hipp <d...@sqlite.org> wrote:

> On 11/30/18, Simon Walter <si...@gikaku.com> wrote:
> > Thanks Dominique,
> >
> > Much appreciated. I can now stop pulling out my hair. I will do
> > something with sprintf.
>
> See https://www.sqlite.org/carray.html


Right. Any table-valued function would do too.

carray() is a dangerous one IMHO, since you expose a pointer to memory,
and must be certain to parameterize it correctly so it "interprets" the C-heap
memory correctly, and does not read past the array end. It's also a security risk.

A safer alternative would be another table-valued function, which parses a
string and returns the values as some primitive type. In fact, it's probably
possible right now via the JSON1 extension, if your text value is JSON-formatted.

carray() will be faster of course. But a text-parsing table-valued function
would work well too.

FWIW, I've been asking for the ability to officially bind arrays for a
while :). Just look at the ML archive.

> Or, failing that, at least use sqlite3_mprintf() rather than
> sprintf(). https://www.sqlite.org/printf.html


Would that work here, when wanting to "paste" *several* values?
Preventing SQL injections by proper escaping works for "scalar" values, no?
_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
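The "safer alternative" described in the message above, as an added example that is not part of the thread: the whole list of values is bound as one JSON text parameter and expanded into a table by json_each() from the JSON1 extension, so nothing is ever pasted into the SQL text. The users table, its rows and the helper names are constructed for this demo.

```python
import json
import sqlite3

# Constructed sample table (not from the thread). One name contains a quote,
# the classic value that breaks an IN (...) list pasted together with sprintf().
USERS = [(1, "alice"), (2, "bob"), (3, "o'brien"), (4, "carol")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def json1_available(conn):
    """True if this SQLite build has the JSON1 functions (built in by default
    since 3.38; older builds may omit them, which raises OperationalError)."""
    try:
        conn.execute("SELECT value FROM json_each('[]')")
        return True
    except sqlite3.OperationalError:
        return False


def find_by_name(conn, names):
    """Rows whose name is in `names`. The list is bound as ONE text parameter and
    expanded by json_each(); the SQL text is constant, so no escaping is needed,
    and a single parameter is used however long the list is (no risk of hitting
    SQLITE_MAX_VARIABLE_NUMBER with one ? per value)."""
    sql = ("SELECT id, name FROM users "
           "WHERE name IN (SELECT value FROM json_each(?)) ORDER BY id")
    return conn.execute(sql, (json.dumps(list(names)),)).fetchall()


def find_by_id(conn, ids):
    """Same technique for integers: json_each() yields INTEGER-typed values,
    so they compare correctly against the INTEGER PRIMARY KEY."""
    sql = ("SELECT id, name FROM users "
           "WHERE id IN (SELECT value FROM json_each(?)) ORDER BY id")
    return conn.execute(sql, (json.dumps([int(i) for i in ids]),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(find_by_name(db, ["o'brien", "alice"]))
    print(find_by_id(db, range(2, 5000)))  # thousands of ids, still one parameter
```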