So I'm summarising for the net.  To render a string into quotable form:

(1) Replace each apostrophe in it with two apostrophes.
(2) Surround it with single apostrophes.

That's all there is to worry about apart from 0x00 characters, which don't 
worry me for other reasons.  Do those two things and there's no danger of any 
attacks, injection or otherwise.  I don't think that's sufficiently complicated 
to make it worth using SQLite's own functions so I'll just code it myself.

If anyone sees anything wrong with the above, please post.  Otherwise I'd just 
like to thank those who replied to my query for their help.

Simon.
_______________________________________________
sqlite-users mailing list
[email protected]
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
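
The two-step rule above, checked against SQLite from Python (an added example, not part of the original post). `quote_literal`, the `notes` table and the sample strings are constructed here, and rejecting NUL is this example's own choice; each sample is stored once as a quoted literal and once through a bound `?` parameter, and both are read back for comparison.

```python
import sqlite3

# Constructed sample inputs, chosen to stress the quoting rule.
SAMPLES = [
    "plain",
    "",
    "O'Brien",
    "''",
    "x'); DROP TABLE notes; --",
    'double "quotes" and back\\slash',
    "line one\nline two",
    "caf\u00e9 \u2019 typographic apostrophe",
]

def quote_literal(s: str) -> str:
    """Steps (1) and (2) from the post: double each apostrophe, then wrap."""
    if "\x00" in s:
        # Assumption of this example: refuse NUL rather than guess how the
        # SQL text would be handled downstream.
        raise ValueError("NUL character cannot be carried in a quoted literal")
    return "'" + s.replace("'", "''") + "'"

def check_samples(samples=SAMPLES):
    """Store each sample via a quoted literal and via a bound parameter.

    Returns (rows, count): rows holds (input, literal, via_literal, via_bound)
    and count is the number of rows left in the table afterwards.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    read = "SELECT body FROM notes WHERE id = ?"
    rows = []
    for s in samples:
        literal = quote_literal(s)
        cur = conn.execute("INSERT INTO notes (body) VALUES (" + literal + ")")
        via_literal = conn.execute(read, (cur.lastrowid,)).fetchone()[0]
        cur = conn.execute("INSERT INTO notes (body) VALUES (?)", (s,))
        via_bound = conn.execute(read, (cur.lastrowid,)).fetchone()[0]
        rows.append((s, literal, via_literal, via_bound))
    count = conn.execute("SELECT count(*) FROM notes").fetchone()[0]
    conn.close()
    return rows, count

if __name__ == "__main__":
    rows, count = check_samples()
    for s, literal, via_literal, via_bound in rows:
        print(repr(s), "->", literal, "ok" if via_literal == via_bound == s else "MISMATCH")
    print("rows in table:", count)
```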