Jay Sprenkle wrote:
> If version 2 does not support parameters what's the correct way to escape
> the data?
>
I don't know about parameters, but here is one way:

    char *pszStatement;
    #define STATEMENT "UPDATE question SET qtext = '%q' WHERE qnumber=%d;"
    pszStatement = sqlite_mprintf(STATEMENT, qtext, qnumber);

sqlite_exec_printf(..); can also be used similarly..

Thanks Craig :)
I got it working finally. It does escape correctly if you use sqlite_step()
but I had problems using sqlite.exe and .READ.
I couldn't get parameters to work at all. I assume they're just not
implemented in 2.x sqlite.

Interesting.. I decided to take a little break from my project and look
at shell.c (I currently use 2.8.13) to see what it does to process file
input. Answer: Nothing much. :-)
All it does is slurp input, concatenate it into one long string and then
feed it to sqlite_exec(..). So it seems in theory the normal escaping
mechanisms should work.
--
Craig Morrison
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
http://pse.2cah.com
Controlling pseudoephedrine purchases.
http://www.mtsprofessional.com/
A Win32 email server that works for You.
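
Added example, not code from any poster in this thread or from SQLite: it builds the thread's UPDATE statement with and without the quote doubling that %q performs, then checks whether the string literal in the result is still well formed. snprintf stands in for sqlite_mprintf so the block runs without the 2.x library; copy_text, build_update and count_literals are hypothetical helpers and the question text is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for %q: copy src, doubling each ' when dbl != 0. */
static char *copy_text(const char *src, int dbl)
{
    char *out = malloc(2 * strlen(src) + 1), *p = out;
    for (; out && *src; *p++ = *src++)
        if (dbl && *src == '\'') *p++ = '\'';
    if (out) *p = '\0';
    return out;
}

/* Build the thread's UPDATE: dbl=1 models '%q', dbl=0 a plain '%s'. */
char *build_update(const char *qtext, int qnumber, int dbl)
{
    const char *fmt = "UPDATE question SET qtext = '%s' WHERE qnumber=%d;";
    char *text = copy_text(qtext, dbl), *sql = NULL;
    int n = text ? snprintf(NULL, 0, fmt, text, qnumber) : -1;
    if (n >= 0 && (sql = malloc((size_t)n + 1)) != NULL)
        snprintf(sql, (size_t)n + 1, fmt, text, qnumber);
    free(text);
    return sql;
}

/* Count complete '...' literals ('' inside one is an escaped quote); -1 if one never closes. */
int count_literals(const char *sql)
{
    int count = 0;
    for (const char *p = sql; *p; p++) {
        if (*p != '\'') continue;
        for (p++; *p != '\'' || p[1] == '\''; p++) {
            if (*p == '\0') return -1;
            if (*p == '\'') p++;       /* skip the second quote of '' */
        }
        count++;
    }
    return count;
}

int main(void)
{
    for (int dbl = 0; dbl <= 1; dbl++) {  /* constructed sample input */
        char *sql = build_update("What's 2+2?", 7, dbl);
        if (sql) printf("%s -> %d\n", sql, count_literals(sql));
        free(sql);
    }
    return 0;
}
```

The format string still has to supply the surrounding quotes, as in the '%q' of the statement above; the doubling only keeps the data inside that one literal.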