Hi Martin,

Thanks for the prompt reply. It seems sqlite3_mprintf() is exactly what I was looking for. I do have to ask, though, what is the benefit of using the blob binding? I have my tables defined either using VARCHARs or TEXTs. I've never used the BLOB type before and am unsure of the benefits of it.

I've tried looking up examples that show it being used in practice, but I seem to get lost in convoluted examples that show advanced cases implementing the functions to perform tasks that are way out of the scope of my needs, and therefore confuse me.

As for the person that replied with the QUOTE clause, I have no idea how, or where, to use it. I'm a visual person and learn by seeing it being done. Normally, I can figure things out on my own, but I'm truly stumped. I think that the sqlite3_mprintf() should suffice, however.

And thanks again for the help.

Kurt

-----Original Message-----
From: sqlite-users-boun...@sqlite.org [mailto:sqlite-users-boun...@sqlite.org] On Behalf Of Martin Engelschalk
Sent: Wednesday, December 16, 2009 11:02 AM
To: General Discussion of SQLite Database
Subject: Re: [sqlite] Escaping strings to be used in queries in C/C++

Hi,

The function "sqlite3_mprintf" is what you look for. See http://www.sqlite.org/capi3ref.html#sqlite3_mprintf

Also, you might want to use bind variables instead of putting literals into your SQL text. See http://www.sqlite.org/capi3ref.html#sqlite3_bind_blob

Martin

Kurt D. Knudsen wrote:
> Hi guys,
>
> I've been searching high and low for a solution to this, but haven't
> found anything that I fully understand. Right now, I'm inserting text
> into a database that contains single quotes and backslashes. Is there a
> function that will properly escape these characters so they will be
> inserted properly?
>
> For example:
>
> sprintf(query, "INSERT INTO db (file) VALUES ('John's Document.txt');");
>
> Obviously, I can escape it manually, but when I'm reading files from a
> directory listing, I'd need a function to escape it properly. I see that
> there's some SQLite3 QUOTE or ESCAPE clause/function, but I can't find
> any information on it.
>
> Thanks,
>
> Kurt
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
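
The quoting rule that the `%Q` conversion of sqlite3_mprintf() applies to a value, written out in plain C as an added example (not part of the original thread and not SQLite's own code). The function names `sql_quote_literal` and `build_insert` and the second sample file name are made up for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Quote s as an SQL string literal following the rule %Q uses: wrap in
 * single quotes, double every embedded single quote, and emit the bare
 * keyword NULL for a NULL pointer. SQLite string literals have no
 * backslash escapes, so backslashes need no treatment. Caller frees. */
char *sql_quote_literal(const char *s)
{
    /* Worst case every byte is a quote: 2*len, plus delimiters and NUL. */
    char *out = malloc(s ? 2 * strlen(s) + 3 : sizeof "NULL");
    if (!out) return NULL;
    if (!s) return strcpy(out, "NULL");
    char *p = out;
    *p++ = '\'';
    for (; *s; s++) {
        if (*s == '\'') *p++ = '\'';   /* ' becomes '' */
        *p++ = *s;                      /* backslash and the rest copied as-is */
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Build the INSERT from the thread around a quoted file name (hypothetical helper). */
char *build_insert(const char *file)
{
    char *lit = sql_quote_literal(file);
    if (!lit) return NULL;
    size_t n = strlen(lit) + sizeof "INSERT INTO db (file) VALUES ();";
    char *sql = malloc(n);
    if (sql) snprintf(sql, n, "INSERT INTO db (file) VALUES (%s);", lit);
    free(lit);
    return sql;
}

int main(void)
{
    /* Constructed sample names: one from the thread, one with backslashes. */
    const char *names[] = { "John's Document.txt", "C:\\docs\\a'b.txt" };
    for (size_t i = 0; i < 2; i++) {
        char *sql = build_insert(names[i]);
        if (sql) puts(sql);
        free(sql);
    }
    return 0;
}
```

In a program linked against SQLite, `sqlite3_mprintf("INSERT INTO db (file) VALUES (%Q);", name)` produces this text (release it with `sqlite3_free()`), and a prepared statement with a bound parameter avoids building the literal at all.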