Hi Martin,

Thanks for the prompt reply. It seems sqlite3_mprintf() is exactly what
I was looking for. I do have to ask, though, what is the benefit of
using the blob binding? I have my tables defined either using VARCHARs
or TEXTs. I've never used the BLOB type before and am unsure of the
benefits of it.

I've tried looking up examples that show it being used in practice, but
I seem to get lost in convoluted examples that show advanced cases
implementing the functions to perform tasks that are way out of the
scope of my needs, and therefore confuse me.

As for the person that replied with the QUOTE clause, I have no idea
how, or where, to use it. I'm a visual person and learn by seeing it
being done. Normally, I can figure things out on my own, but I'm truly
stumped.

I think that the sqlite3_mprintf() should suffice, however. And thanks
again for the help.

Kurt

-----Original Message-----
From: sqlite-users-boun...@sqlite.org
[mailto:sqlite-users-boun...@sqlite.org] On Behalf Of Martin Engelschalk
Sent: Wednesday, December 16, 2009 11:02 AM
To: General Discussion of SQLite Database
Subject: Re: [sqlite] Escaping strings to be used in queries in C/C++

Hi,

The function "sqlite3_mprintf" is what you are looking for.
see http://www.sqlite.org/capi3ref.html#sqlite3_mprintf

Also, you might want to use bind variables instead of putting literals 
into your SQL text.
see http://www.sqlite.org/capi3ref.html#sqlite3_bind_blob

Martin

Kurt D. Knudsen wrote:
> Hi guys,
>
> I've been searching high and low for a solution to this, but haven't
> found anything that I fully understand. Right now, I'm inserting text
> into a database that contains single quotes and backslashes. Is there a
> function that will properly escape these characters so they will be
> inserted properly?
>
> For example:
>
> sprintf(query, "INSERT INTO db (file) VALUES ('John's Document.txt');");
>
> Obviously, I can escape it manually, but when I'm reading files from a
> directory listing, I'd need a function to escape it properly. I see that
> there's some SQLite3 QUOTE or ESCAPE clause/function, but I can't find
> any information on it.
>
> Thanks,
>
> Kurt
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>
>   