On 5/16/06, Craig Morrison <[EMAIL PROTECTED]> wrote:
Jay Sprenkle wrote:
> I'm trying to write a program using sqlite2.8.
>
> I've tried using the following SQL from the command line tool and it
> does not escape the data correctly:
>    update question set qtext = 'this shouldn''t fail' where qnumber=1;
> The escaped single quote is replaced by garbage.
>
> I've tried writing a C program but the API documentation is not clear.
> Should you build the SQL this way:
>       update question set qtext = ? where qnumber=1;
> Then set the column data parameter (pazValue) to point to the text to
> use for qtext?
> When I do this I get updates to NULL.
>
> If version 2 does not support parameters, what's the correct way to escape
> the data?
>

I don't know about parameters, but here is one way:

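char *pszStatement;

/* %q inserts the string argument with every single quote doubled,
   so it can sit safely between the '...' of the SQL literal. */
#define STATEMENT "UPDATE question SET qtext = '%q' WHERE qnumber=%d;"
pszStatement = sqlite_mprintf(STATEMENT, qtext, qnumber);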

sqlite_exec_printf(..) can also be used similarly.

Thanks Craig :)

I got it working finally. It does escape correctly if you use sqlite_step()
but I had problems using sqlite.exe and .READ.

I couldn't get parameters to work at all. I assume they're just not implemented
in 2.x sqlite.
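
The quote doubling that %q performs in the reply above, shown as an added example that is not part of the original thread and is not SQLite's own code. It re-implements the doubling in plain C so it runs without the SQLite 2.8 library; sql_quote_q() and build_update() are hypothetical names, and the input string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a malloc'd copy of `in` with every ' doubled.
   A NULL input is treated as an empty string (this helper's choice). */
char *sql_quote_q(const char *in)
{
    size_t i, n = 0, quotes = 0;
    char *out, *p;

    if (in == NULL) in = "";
    for (i = 0; in[i]; i++) {
        if (in[i] == '\'') quotes++;
        n++;
    }
    out = malloc(n + quotes + 1);
    if (out == NULL) return NULL;
    for (p = out, i = 0; in[i]; i++) {
        if (in[i] == '\'') *p++ = '\'';   /* emit the extra quote first */
        *p++ = in[i];
    }
    *p = '\0';
    return out;
}

/* Build the UPDATE statement from the thread; the caller frees the result. */
char *build_update(const char *qtext, int qnumber)
{
    static const char fmt[] = "UPDATE question SET qtext = '%s' WHERE qnumber=%d;";
    char *quoted = sql_quote_q(qtext);
    char *sql = NULL;
    int len;

    if (quoted == NULL) return NULL;
    len = snprintf(NULL, 0, fmt, quoted, qnumber);   /* size the buffer first */
    if (len >= 0 && (sql = malloc((size_t)len + 1)) != NULL)
        snprintf(sql, (size_t)len + 1, fmt, quoted, qnumber);
    free(quoted);
    return sql;
}

int main(void)
{
    char *sql = build_update("this shouldn't fail", 1);  /* constructed input */
    if (sql == NULL) return 1;
    puts(sql);
    free(sql);
    return 0;
}
```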
