Igor Tandetnik wrote:
Hi!
Compare with this program:
string userInput;
string sql = "update UserPrefs set innocuousPref=? where userid=123;";
sqlite3_stmt* stmt;
sqlite3_prepare(db, sql.c_str(), -1, &stmt, 0);
sqlite3_bind_text(stmt, 1, userInput.c_str(), -1, SQLITE_STATIC);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
Well - ok ;-) I am quite sure that my version is safe but anyway I tried
sqlite3_prepare. Now I have some problems debugging it.
I tried to use
void *sqlite3_trace(sqlite3*, void(*xTrace)(void*,const char*), void*);
but I get the input of the prepare call - no ? replaced by the actual values.
Any ideas how to debug this? I have doubts that my SQL statement is bound
correctly.
What I am trying to do is something like this:
// SQL Statement is: "SELECT * FROM table WHERE name LIKE ?"
search = '%test%';
sqlite3_bind_text(prepared_statement, 0, search, search, SQLITE_STATIC);
Any ideas?
TIA,
Thomas