Hi, The function "sqlite3_mprintf" is what you look for. see http://www.sqlite.org/capi3ref.html#sqlite3_mprintf
Also, you might want to use bind variables instead of putting literals into your SQL text. see http://www.sqlite.org/capi3ref.html#sqlite3_bind_blob Martin Kurt D. Knudsen wrote: > Hi guys, > > I've been searching high and low for a solution to this, but haven't > found anything that I fully understand. Right now, I'm inserting text > into a database that contains single quotes and backslashes. Is there a > function that will properly escape these characters so they will be > inserted properly? > > For example: > > sprintf(query, "INSERT INTO db (file) VALUES ('John's Document.txt');"); > > Obviously, I can escape it manually, but when I'm reading files from a > directory listing, I'd need a function to escape it properly. I see that > there's some SQLite3 QUOTE or ESCAPE clause/function, but I can't find > any information on it. > > Thanks, > > Kurt > _______________________________________________ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users > > _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users