Besides which, of course, your example is useless.  The sqlite3_value_frombind 
would be used to find out if the parameter came from a binding or not as in, 
within the SomeFunction function, to determine if the parameter were a "bound" 
parameter or not.  Example:

select SomeFunction(?);
select SomeFunction(42);


Then the implementation of SomeFunction can test whether or not the argument it 
received was a "bound" parameter (the first case) or not (the second case).

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.


>-----Original Message-----
>From: sqlite-users [mailto:sqlite-users-
>boun...@mailinglists.sqlite.org] On Behalf Of Keith Medcalf
>Sent: Wednesday, 17 April, 2019 12:38
>To: SQLite mailing list
>Subject: Re: [sqlite] Use cases for sqlite3_value_frombind()?
>
>
>Simon,
>
>There are fields (columns) in your invoices table named 1.23 and
>7524?  Why did you do this (or did you just use the wrong quotes
>around text strings?)
>
>
>---
>The fact that there's a Highway to Hell but only a Stairway to Heaven
>says a lot about anticipated traffic volume.
>
>
>>-----Original Message-----
>>From: sqlite-users [mailto:sqlite-users-
>>boun...@mailinglists.sqlite.org] On Behalf Of Simon Slavin
>>Sent: Wednesday, 17 April, 2019 12:22
>>To: SQLite mailing list
>>Subject: Re: [sqlite] Use cases for sqlite3_value_frombind()?
>>
>>On 17 Apr 2019, at 6:37pm, Stephen Chrzanowski <pontia...@gmail.com>
>>wrote:
>>
>>> What measures the trustworthiness?  At what point would the running
>>> application be notified that the statement was bound or injection
>>> avenue?
>>
>>You can include parameters as text in your SQL command:
>>
>>    UPDATE invoices SET toBePaid="1.23" WHERE customerId="7524"
>>
>>If someone is attacking your server using SQL injection on a whole
>>statement, that's what they'd do.  And sqlite3_value_frombind() would
>>return FALSE.  Of course, to detect this the application does need to
>>call sqlite3_value_frombind() on each parameter it cares about.
>>_______________________________________________
>>sqlite-users mailing list
>>sqlite-users@mailinglists.sqlite.org
>>http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
>
>



_______________________________________________
sqlite-users mailing list
sqlite-users@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
