It's worth briefly, for the record, mentioning that the code using += is what often causes SQL injection security issues, and that prepared statements using parameters are the way to avoid that.
-- James

> -----Original Message-----
> From: nshaw [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 09, 2007 3:29 PM
> To: sqlite-users@sqlite.org
> Subject: Re: [sqlite] Passing Arguments to SQLite3 from C++
>
>
> Thanks, Ted. I'll give this a shot.
> Regards,
>
> Nick.
>
> Teg wrote:
[snip]
> > std::string m_sSQL = "insert into family (member,age) values ";
> > m_sSQL += "(" ;
> > m_sSQL += name;
> > m_sSQL += "," ;
> > m_sSQL += "age" ;
> > m_sSQL += ");" ;
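
The contrast described in the reply above, as an added example that is not part of the original thread: the same `family` insert built by string concatenation and by a prepared statement with bound parameters. It uses Python's built-in `sqlite3` module rather than the C++ API so that it runs without linking against SQLite; the column types, the quoting added around `name`, and the sample names are assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    # In-memory database; the column types are assumed, the thread does not give them.
    db = sqlite3.connect(":memory:")
    db.execute("create table family (member text, age integer)")
    return db

def insert_concat(db, name, age):
    # The += pattern from the quoted code: the value becomes part of the SQL text.
    sql = "insert into family (member,age) values "
    sql += "('"
    sql += name
    sql += "',"
    sql += str(age)
    sql += ");"
    db.execute(sql)

def insert_bound(db, name, age):
    # Prepared statement: the SQL text is fixed and the values are bound separately.
    db.execute("insert into family (member,age) values (?, ?)", (name, age))

def rows(db):
    return db.execute("select member, age from family order by rowid").fetchall()

# Constructed sample inputs.
PLAIN = "Alice"
APOSTROPHE = "O'Brien"       # an ordinary name that contains a quote character
OPERATOR = "Eve' || 'lyn"    # text that SQLite parses as an expression when concatenated

def demo():
    results = {}
    db = make_db()
    insert_concat(db, PLAIN, 30)
    try:
        insert_concat(db, APOSTROPHE, 41)
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    insert_concat(db, OPERATOR, 35)   # runs, but stores something other than the input
    results["concat_rows"] = rows(db)

    db = make_db()
    for name, age in ((PLAIN, 30), (APOSTROPHE, 41), (OPERATOR, 35)):
        insert_bound(db, name, age)
    results["bound_rows"] = rows(db)
    return results
```

In the SQLite C API the bound form corresponds to `sqlite3_prepare_v2` followed by `sqlite3_bind_text` and `sqlite3_bind_int` on the `?` placeholders.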