Jay Sprenkle wrote:
I'm trying to write a program using sqlite2.8.
I've tried using the following SQL from the command line tool and it does not escape the data correctly:
update question set qtext = 'this shouldn''t fail' where qnumber=1;
The escaped single quote is replaced by garbage.
I've tried writing a C program but the API documentation is not clear.
Should you build the SQL this way:
update question set qtext = ? where qnumber=1;
Then set the column data parameter (pazValue) to point to the text to use for qtext?
When I do this I get updates to NULL.
If version 2 does not support parameters what's the correct way to escape the data?

I don't know about parameters, but here is one way:
char *pszStatement;
#define STATEMENT "UPDATE question SET qtext = '%q' WHERE qnumber=%d;"
pszStatement = sqlite_mprintf(STATEMENT, qtext, qnumber);
sqlite_exec_printf(..) can also be used similarly.
--
Craig Morrison
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
http://pse.2cah.com
Controlling pseudoephedrine purchases.
http://www.mtsprofessional.com/
A Win32 email server that works for You.
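
The quote doubling that the %q conversion in the reply performs, shown as an added stand-alone example (not code from either poster and not SQLite's own code). It does not call SQLite; escape_q, build_update and literals_closed are hypothetical helpers, and the sample text is the one from the question.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: doubles every single quote, as %q does.
   Returns a malloc'd string the caller must free, or NULL. */
char *escape_q(const char *s)
{
    size_t n = 0, i, j = 0;
    char *out;
    for (i = 0; s[i]; i++)
        n += (s[i] == '\'') ? 2 : 1;
    out = malloc(n + 1);
    if (!out) return NULL;
    for (i = 0; s[i]; i++) {
        if (s[i] == '\'') out[j++] = '\'';   /* emit the extra quote */
        out[j++] = s[i];
    }
    out[j] = '\0';
    return out;
}

/* Hypothetical helper: builds the UPDATE from the thread with qtext escaped. */
char *build_update(const char *qtext, int qnumber)
{
    static const char fmt[] =
        "UPDATE question SET qtext = '%s' WHERE qnumber=%d;";
    char *esc = escape_q(qtext), *sql;
    size_t len;
    if (!esc) return NULL;
    len = sizeof fmt + strlen(esc) + 16;     /* room for the integer */
    sql = malloc(len);
    if (sql) snprintf(sql, len, fmt, esc, qnumber);
    free(esc);
    return sql;
}

/* Returns 1 if every string literal in sql is closed, treating ''
   inside a literal as one escaped quote; 0 if a literal is left open. */
int literals_closed(const char *sql)
{
    int in_lit = 0;
    for (; *sql; sql++) {
        if (*sql != '\'') continue;
        if (in_lit && sql[1] == '\'') sql++; /* skip the escaped pair */
        else in_lit = !in_lit;
    }
    return !in_lit;
}
```

literals_closed returns 0 for the same statement built without doubling the quote, because the apostrophe in the text ends the literal early and the final quote opens one that never closes.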