Regarding your code snippet:
// SQL Statement is: "SELECT * FROM table WHERE name LIKE ?"
search = '%test%';
sqlite3_bind_text(prepared_statement, 0,search , search , SQLITE_STATIC);
First I'm not sure what language you're using - it seems Perl-like.
Anyways, the documentation for
http://www.sqlite.org/capi3ref.html#sqlite3_bind_text gives the 4th
param as the number of bytes (not chars) while you're passing the
original string. Since I'm assuming it's Perl, it won't generate an
error on the type mismatch. You generally want to pass -1 for the
fourth parameter (from what I understand, -1 is always safe for
sqlite3_bind_text). Also, take care in using SQLITE_STATIC and make
sure that the string you pass remains on the heap (i.e. delete isn't
called, not sure if this is possible in Perl) or the stack (i.e. local
variable in scope) when you execute the statement.
Hope this helps.
PS. As for the trace, I can't help you as I've never used it (try
looking up the API reference). What I do though for my program is save
to the log the string I pass to prepare. Then I print the values that
in the order they are bound.
Thomas Zangl wrote:
Igor Tandetnik schrieb:
Hi!
Compare with this program:
string userInput;
string sql = "update UserPrefs set innocuousPref=? where userid=123;";
sqlite3_stmt* stmt;
sqlite3_prepare(db, sql.c_str(), -1, &stmt, 0);
sqlite3_bind_text(stmt, 1, userInput.c_str(), -1, SQLITE_STATIC);
sqlite3_step(stmt);
sqlite3_finalize(stmt);
Well - ok ;-) I am quite sure that my version is safe but anyway I
tried sqlite3_prepare. Now I have some problems debugging it.
I tried to use
void *sqlite3_trace(sqlite3*, void(*xTrace)(void*,const char*), void*);
but I get the input of the prepare call - no ? replaced by the actual
values.
Any ideas how to debug this? I have doubts that my SQL statement is
bound correctly.
What I try todo is something like this:
// SQL Statement is: "SELECT * FROM table WHERE name LIKE ?"
search = '%test%';
qlite3_bind_text(prepared_statement, 0,search , search , SQLITE_STATIC);
Any ideas?
TIA,
Thomas
-----------------------------------------------------------------------------
To unsubscribe, send email to [EMAIL PROTECTED]
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------
To unsubscribe, send email to [EMAIL PROTECTED]
-----------------------------------------------------------------------------