Igor Tandetnik wrote:

Mark Anderson wrote:

The following code seems to cause the 'template' table to become
locked.
CString querystr;
querystr.Format ("insert into templates values (NULL, '%s', '%s',
'%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
OurSKU, Description, VendorSKU, PackType, UnitsPerPack, Length,
Width, Height, WeightGross, WeightNet, UnitPrice, LabelsFlag,
WarrantyFlag);


This approach is rather risky, subject to SQL injection attack. Even if nothing malicious is involved, consider what happens if one of the strings, e.g. Description, happens to contain an apostrophe.

I've already taken account of injections and parsed the user input to quote troublesome characters such as apostrophe.

i = querystr.GetLength();
querystr2 = (char *) malloc (i);
querystr2 = querystr.GetBuffer (i);
sqlite3_exec (db, querystr2, NULL, 0, NULL);


You are leaking memory here. You don't need malloc nor GetBuffer - just do

sqlite3_exec(db, querystr, NULL, 0, NULL);

Well, I'm not leaking memory as I clean up at the end of the function; I only pasted the relevant bits.

The sqlite3_exec() call returns with a value of 5 (SQLITE_BUSY).


SQLITE_BUSY means that some other process or thread is already running a query against the same database. Look at sqlite_busy_handler and sqlite_busy_timeout.

Yes I know this, but perhaps I should have said that there aren't two processes or threads querying the same database. This is happening in a simple one-thread command line program.


Igor Tandetnik
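
The apostrophe problem raised above, as an added example that is not part of the original thread: it uses Python's built-in sqlite3 module so it runs stand-alone, while with the C API in the posted code the same binding is done with sqlite3_prepare_v2, sqlite3_bind_text, sqlite3_step and sqlite3_finalize. The column names follow the variables in the posted Format() call; the id column and the sample values are assumptions constructed for the example.

```python
import sqlite3

# Column names mirror the variables passed to Format() in the thread.
# The "id" primary key and the sample row are assumptions for this example.
COLUMNS = ["OurSKU", "Description", "VendorSKU", "PackType", "UnitsPerPack",
           "Length", "Width", "Height", "WeightGross", "WeightNet",
           "UnitPrice", "LabelsFlag", "WarrantyFlag"]


def open_db():
    """Create an in-memory database with a 'templates' table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE templates (id INTEGER PRIMARY KEY, %s)"
               % ", ".join(COLUMNS))
    return db


def sample_row(description):
    """Constructed sample data; only the description varies."""
    return ["SKU-1", description, "V-9", "box", "12", "10", "20", "30",
            "1.5", "1.2", "9.99", "1", "0"]


def insert_formatted(db, row):
    """Build the statement by string formatting, as the posted code does.

    Each value becomes part of the SQL text, so a quote character in a
    value changes how the statement parses. Returns False on SQL errors.
    """
    values = ", ".join("'%s'" % v for v in row)
    try:
        db.execute("insert into templates values (NULL, %s)" % values)
        return True
    except sqlite3.Error:
        return False


def insert_bound(db, row):
    """Insert with one '?' placeholder per value and return what was stored.

    Bound values never pass through the SQL parser, so no quoting or
    escaping of the input is needed.
    """
    placeholders = ", ".join(["?"] * len(row))
    db.execute("insert into templates values (NULL, %s)" % placeholders, row)
    cur = db.execute("SELECT Description FROM templates "
                     "ORDER BY id DESC LIMIT 1")
    return cur.fetchone()[0]
```
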

